zhangyiss/the-littlest-jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/the-littlest-jupyterhub.git synced 2025-12-18 21:54:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #887 from consideRatio/pr/awscogito-example

Browse Source 
docs(awscognito): add custom claims example
This commit is contained in:
Erik Sundell
2023-05-13 20:04:49 +02:00
committed by GitHub
parent 186ae7171c 8dba109c43
commit 3e2f8cabfd
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
docs/howto/auth/awscognito.md
View File

@@ -126,3 +126,20 @@ For more information on `tljh-config`, see [](/topic/tljh-config).
Jupyter interface used in this JupyterHub. Jupyter interface used in this JupyterHub.
5. **If this does not work** you can revert back to the default 5. **If this does not work** you can revert back to the default
JupyterHub authenticator by following the steps in [](/howto/auth/firstuse). JupyterHub authenticator by following the steps in [](/howto/auth/firstuse).
## Optionally using custom claims for group mapping
If you use AWS Cognito to federate with an OIDC provider and you want to
authorize your users based on e.g. their department claim, you have to make sure
that the custom claim is provided as array.
If it is not provided as array, there is an easy fix. Just add these lines to
your `awscognito.py`:
```python
def claim_groups_key_func(user_data_resp_json):
return [user_data_resp_json['custom:department']]
c.GenericOAuthenticator.claim_groups_key = claim_groups_key_func
c.GenericOAuthenticator.allowed_groups = ["AA BB CC", "AA BB DD"]
```