Description:
We are using Azure SSO for authentication with JupyterHub. Within our JupyterLab environment (or a custom image based on JupyterLab), we have a functionality that requires GitHub OAuth authentication.
The main challenge we are facing is determining the appropriate callback URL for GitHub OAuth. Since each user has their own callback URL, we are uncertain if there is a common callback URL that can be used in this scenario.
Additionally, when testing with a particular user's URL as a static callback URL for GitHub OAuth, we encounter the following error:
OAuth state does not match
It seems like GitHub's state parameter is being compared to a None value on the JupyterHub side. Despite having enable_auth_state set to true, the state is being stored as an empty object {} in the SQLite database, as confirmed upon inspection.
We are not sure if this is a bug or a misconfiguration on our end.
Furthermore, we want to know if the JupyterHub server also acts as a proxy or gateway for routes available in JupyterLab (or the custom image based on JupyterLab) once a user has successfully logged in. If so, how can we access the lab container's server routes from outside JupyterHub? If not, is there any configuration or modification we can apply to JupyterHub to expose these routes?
Questions:
Is there a recommended common callback URL for GitHub OAuth in this multi-user Azure SSO scenario?
How can we prevent the OAuth state mismatch error from occurring?
Is it possible to bypass the state check, or is there a better approach to resolve this issue?
Can JupyterHub serve as a path for accessing routes within JupyterLab or its custom image? If so, how can we configure it?
Are there any alternative solutions for accessing the container's server routes externally?
Description:
We are using Azure SSO for authentication with JupyterHub. Within our JupyterLab environment (or a custom image based on JupyterLab), we have a functionality that requires GitHub OAuth authentication.
The main challenge we are facing is determining the appropriate callback URL for GitHub OAuth. Since each user has their own callback URL, we are uncertain if there is a common callback URL that can be used in this scenario.
Additionally, when testing with a particular user's URL as a static callback URL for GitHub OAuth, we encounter the following error:
It seems like GitHub's state parameter is being compared to a
Nonevalue on the JupyterHub side. Despite havingenable_auth_stateset totrue, the state is being stored as an empty object{}in the SQLite database, as confirmed upon inspection.We are not sure if this is a bug or a misconfiguration on our end.
Furthermore, we want to know if the JupyterHub server also acts as a proxy or gateway for routes available in JupyterLab (or the custom image based on JupyterLab) once a user has successfully logged in. If so, how can we access the lab container's server routes from outside JupyterHub? If not, is there any configuration or modification we can apply to JupyterHub to expose these routes?
Questions:
Is there a recommended common callback URL for GitHub OAuth in this multi-user Azure SSO scenario?
How can we prevent the OAuth state mismatch error from occurring?
Is it possible to bypass the state check, or is there a better approach to resolve this issue?
Can JupyterHub serve as a path for accessing routes within JupyterLab or its custom image? If so, how can we configure it?
Are there any alternative solutions for accessing the container's server routes externally?