Try generic oauth

jupyter/jupyter-application.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://platform.sunet.se/streams/streams-manifests.git
-    targetRevision: streams-manifests-2025-02-03-v03
+    targetRevision: streams-manifests-2025-02-03-v05
     path: jupyter/overlays/test
   destination:
     server: https://kubernetes.default.svc

jupyter/overlays/test/values/values.yaml

@@ -13,29 +13,30 @@ hub:
       storageClassName: csi-sc-cinderplugin
   extraConfig:
     oauthCode: |
+      import os
       from oauthenticator.generic import GenericOAuthenticator
 
-      class KeycloakOAuthenticator(GenericOAuthenticator):
-        def __init__(self, *args, **kwargs):
-          super().__init__(*args, **kwargs)
-          self.user_dict = {}
+      keycloak_base = 'https://' + os.environ['OAUTH2_HOST'] + '/realms/' + os.environ['OAUTH2_REALM'] + '/protocol/openid-connect'
+      os.environ['OAUTH2_TOKEN_URL'] = keycloak_base + '/token'
+      os.environ['OAUTH2_AUTHORIZE_URL'] = keycloak_base + '/auth'
 
-      keycloak_base = 'https://' + os.environ['KEYCLOAK_HOST'] + '/realms/' + os.environ['KEYCLOAK_REALM'] + '/protocol/openid-connect'
+      c.JupyterHub.authenticator_class = 'GenericOAuthenticator'
 
-      c.JupyterHub.authenticator_class = KeycloakOAuthenticator
-      c.KeycloakOAuthenticator.admin_users = ['kano', 'benedith']
-      c.KeycloakOAuthenticator.allow_all = True
-      c.KeycloakOAuthenticator.authorize_url = keycloak_base + '/auth'
-      c.KeycloakOAuthenticator.client_id = os.environ['KEYCLOAK_CLIENT_ID']
-      c.KeycloakOAuthenticator.client_secret = os.environ['KEYCLOAK_CLIENT_SECRET']
-      c.KeycloakOAuthenticator.enable_auth_state = True
-      c.KeycloakOAuthenticator.login_service = 'Keycloak'
-      c.KeycloakOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
-      c.KeycloakOAuthenticator.refresh_pre_spawn = True
-      c.KeycloakOAuthenticator.token_url =  keycloak_base + '/token'
-      c.KeycloakOAuthenticator.userdata_params = {'state': 'state'}
-      c.KeycloakOAuthenticator.userdata_url = keycloak_base + '/userinfo'
-      c.KeycloakOAuthenticator.username_key = 'username'
+      c.OAuthenticator.client_id = os.environ['OAUTH2_CLIENT_ID']
+      c.OAuthenticator.client_secret = os.environ['OAUTH2_CLIENT_SECRET']
+
+      c.GenericOAuthenticator.token_url =  os.environ['OAUTH2_TOKEN_URL']
+      c.GenericOAuthenticator.userdata_url = keycloak_base + '/userinfo'
+      c.GenericOAuthenticator.userdata_method = 'GET'
+      c.GenericOAuthenticator.userdata_params = {'state': 'state'}
+      c.GenericOAuthenticator.username_key = 'preferred_username'
+      c.GenericOAuthenticator.admin_users = ['kano', 'benedith']
+      c.GenericOAuthenticator.allow_all = True
+      c.GenericOAuthenticator.authorize_url = os.environ['OAUTH2_AUTHORIZE_URL']
+      c.GenericOAuthenticator.enable_auth_state = True
+      c.GenericOAuthenticator.login_service = 'Keycloak'
+      c.GenericOAuthenticator.oauth_callback_url = 'https://' + os.environ['JUPYTER_HOST'] + '/hub/oauth_callback'
+      c.GenericOAuthenticator.refresh_pre_spawn = True
   extraEnv:
     JUPYTER_HOST: jupyter-test.streams.sunet.se
     JUPYTERHUB_API_KEY:
@@ -48,18 +49,18 @@ hub:
         secretKeyRef:
           name: jupyterhub-secrets
           key: crypt-key
-    KEYCLOAK_CLIENT_ID:
+    OAUTH2_CLIENT_ID:
       valueFrom:
         secretKeyRef:
           name: keycloak-oauth-secrets
           key: client-id
-    KEYCLOAK_CLIENT_SECRET:
+    OAUTH2_CLIENT_SECRET:
       valueFrom:
         secretKeyRef:
           name: keycloak-oauth-secrets
           key: client-secret
-    KEYCLOAK_HOST: keycloak-test.streams.sunet.se
-    KEYCLOAK_REALM: streams
+    OAUTH2_HOST: keycloak-test.streams.sunet.se
+    OAUTH2_REALM: streams
 singleuser:
   image:
     name: quay.io/jupyter/datascience-notebook