Identity API at /api/me #671

Merged: 2 commits, Apr 29, 2022

Commits on Apr 29, 2022

  1. add /api/me to get identity and permissions model

    identity includes fields:
    
    - username: str
    - name: Optional[str]
    - display_name: Optional[str]
    - initials: Optional[str]
    - avatar_url: Optional[str]
    - color: Optional[str]
    
    permissions is sibling to identity,
    with the form: {"resource": ["action", ],}
    
    where permissions are only populated _by request_,
    because the server cannot know what all resource/action combinations are available.
    
    Defines new jupyter_server.auth.IdentityProvider API for implementing authorization
    
    - IdP.get_user(Handler) returns User dataclass
    - IdP.identity_model renders dataclass to standard JSON dict model
    - IdP.get_handlers returns possible custom RequestHandlers (e.g. OAuth callback)
    - get user_id from cookie, even when token-authenticated,
      for stable random user ids in the default implementation, even for token-authenticated requests.
    
    Default get_user implementation still resides in LoginHandler.get_user,
    to be moved and deprecated in subsequent PR.
    
    Ensures authorizer, identity_provider are defined
    in case of custom Application, load default Authorizer/IdentityProvider if none is available in settings
    
    For CI: Fix numpy-style docstring format
    minrk authored and Zsailer committed Apr 29, 2022
    d1e061e
  2. allow get_user to be async

    careful to deprecate overridden get_current_user without ignoring auth
    
    Needs some changes due to early steps that are called before prepare,
    but must now be moved to prepare due to the reliance on auth info.
    
    - setting CORS headers (set_default_headers)
    - check_xsrf_cookie
    - check_origin
    
    now that get_user is async, we have to re-run these bits in prepare after user is authenticated
    minrk authored and Zsailer committed Apr 29, 2022
    fdfaba4
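
The identity-plus-permissions model described in the first commit, as an added sketch that is not code from this PR or from jupyter_server: permissions are evaluated only for the resource/action pairs the client asks about, and anything not granted is left out of the answer. The names `parse_requested`, `me_model`, `read_only` and the `is_authorized(user, action, resource)` callable are assumptions made for illustration, as is passing the request as a raw JSON string.

```python
import json
from dataclasses import asdict, dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class User:
    # Fields as listed in the commit message; only username is required.
    username: str
    name: Optional[str] = None
    display_name: Optional[str] = None
    initials: Optional[str] = None
    avatar_url: Optional[str] = None
    color: Optional[str] = None


def parse_requested(raw: Optional[str]) -> Dict[str, List[str]]:
    """Validate a client-supplied {"resource": ["action", ...]} JSON string."""
    if not raw:
        return {}
    data = json.loads(raw)  # malformed JSON raises ValueError
    if not isinstance(data, dict):
        raise ValueError("permissions must be a JSON object")
    for resource, actions in data.items():
        if not isinstance(actions, list) or not all(isinstance(a, str) for a in actions):
            raise ValueError(f"actions for {resource!r} must be a list of strings")
    return data


def me_model(user: User, raw_permissions: Optional[str],
             is_authorized: Callable[[User, str, str], bool]) -> dict:
    """Build the response: identity, plus only the requested permissions that are granted."""
    requested = parse_requested(raw_permissions)
    granted = {
        resource: [a for a in actions if is_authorized(user, a, resource)]
        for resource, actions in requested.items()
    }
    # "permissions" is a sibling of "identity", never nested inside it.
    return {"identity": asdict(user), "permissions": granted}


def read_only(user: User, action: str, resource: str) -> bool:
    """Constructed sample policy (hypothetical): read access to two resources only."""
    return action == "read" and resource in {"contents", "kernels"}
```

Every requested resource appears in the result, with an empty list when no action on it is granted, so a client can tell "asked and denied" from "never asked".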