Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

[AzureAD] "/" as part of the username. #529

Open
vwoloszyn opened this issue Aug 1, 2022 · 3 comments
Open

[AzureAD] "/" as part of the username. #529

vwoloszyn opened this issue Aug 1, 2022 · 3 comments
Labels

Comments

@vwoloszyn
Copy link

Hello, I would like to report a bug about AzureAdOAuthenticator

[W 2022-08-01 09:22:21.101 JupyterHub auth:486] Disallowing invalid username 'woloszyn vinicius (xc-dx/epe4)'.
[W 2022-08-01 09:22:21.101 JupyterHub base:768] Failed login for unknown user
[W 2022-08-01 09:22:21.124 JupyterHub log:189] 403 GET /hub/oauth_callback?code=[secret]&state=[secret]&session_state=[secret] (@10.224.0.5) 295.68ms
[I 2022-08-01 09:22:50.209 JupyterHub proxy:347] Checking routes

Bug description

Expected behaviour

My username is correct, but jupyterhub does not accept "'/'" as part of the username, as described here:
https://github.com/jupyterhub/jupyterhub/blob/28b11d2165801ea252a88e73779223084ade5b7d/jupyterhub/auth.py#L248

Actual behaviour

Receive the following error log:

[W 2022-08-01 09:22:21.101 JupyterHub auth:486] Disallowing invalid username 'woloszyn vinicius (xxx-xxx/xxxx)'.
[W 2022-08-01 09:22:21.101 JupyterHub base:768] Failed login for unknown user
[W 2022-08-01 09:22:21.124 JupyterHub log:189] 403 GET /hub/oauth_callback?code=[secret]&state=[secret]&session_state=[secret] (@10.224.0.5) 295.68ms
[I 2022-08-01 09:22:50.209 JupyterHub proxy:347] Checking routes

How to reproduce

This is the

hub:
  config:
    AzureAdOAuthenticator:
      client_id: your-client-id
      client_secret: your-client-secret
      oauth_callback_url: https://your-jupyterhub-domain/hub/oauth_callback
      tenant_id: your-tenant-id
    JupyterHub:
      authenticator_class: azuread

Your personal setup

I guess the problem is that the user name is correct, but the jupyterhub does not accept usernames containing the char "/"

I guess, instead of allowing or disallowing users, the best would be to parse (or accept) the current username (which is correct).

Thanks!

@vwoloszyn vwoloszyn added the bug label Aug 1, 2022
@welcome
Copy link

welcome bot commented Aug 1, 2022

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
welcome
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

@welcome

This comment was marked as duplicate.

@consideRatio consideRatio transferred this issue from jupyterhub/jupyterhub Aug 1, 2022
@consideRatio consideRatio changed the title AzureAdOAuthenticator: "/" as part of the username. [AzureAD] "/" as part of the username. Apr 1, 2023
@VolkerFelix
Copy link

I solved it in the following way:
The 'unique_name' is the email address of the user in my case

from oauthenticator.azuread import LocalAzureAdOAuthenticator
from traitlets import default

# Override username claim
class CustomAzureAdOAuth(LocalAzureAdOAuthenticator):

    @default('username_claim')
    def _username_claim_default(self):
        return 'unique_name'

    def normalize_username(self, username):
        return username.split("@")[0]

c.JupyterHub.authenticator_class = CustomAzureAdOAuth

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants