Merge pull request #729 from minrk/awscognito

update awscognito docs to use GenericOAuthenticator

docs/howto/auth/awscognito.rst

@@ -33,75 +33,73 @@ Create an AWS Cognito application
 
 
 Install and configure an AWS EC2 Instance with userdata
-========================================================
+=======================================================
 
 By adding following script to the ec2 instance user data you should be
-able to configure the instance automatically, replace relevant config variables::
+able to configure the instance automatically, replace relevant placeholders::
 
         #!/bin/bash
         ##############################################
-        # Setup systemd environment variable overrides
+        # Ensure tljh is up to date
-        ##############################################
-        mkdir /etc/systemd/system/jupyterhub.service.d
-
-        echo "[Service]
-        Environment=AWSCOGNITO_DOMAIN=${awscognito_domain}" >> /etc/systemd/system/jupyterhub.service.d/jupyterhub.conf
-        
-        ##############################################
-        # Need to ensure oauthenticator is bumped to 0.10.0
         ##############################################
         curl -L https://tljh.jupyter.org/bootstrap.py \
           | sudo python3 - \
             --admin insightadmin
 
         ##############################################
-        # Setup aws Cognito Authenticator 
+        # Setup AWS Cognito OAuthenticator
         ##############################################
-        echo "c.AWSCognitoAuthenticator.client_id='${client_id}'
+        echo > /opt/tljh/config/jupyterhub_config.d/awscognito.py <<EOF
-        c.AWSCognitoAuthenticator.client_secret='${client_secret}'
+        c.GenericOAuthenticator.client_id = "[your app client ID]"
-        c.AWSCognitoAuthenticator.oauth_callback_url='${callback_url}'
+        c.GenericOAuthenticator.client_secret = "[your app client secret]"
-        c.AWSCognitoAuthenticator.username_key='username'
+        c.GenericOAuthenticator.oauth_callback_url = "https://[your-jupyterhub-host]/hub/oauth_callback"
-        c.AWSCognitoAuthenticator.oauth_logout_redirect_url='${logout_url}'" >> /opt/tljh/config/jupyterhub_config.d/awscognito.py
 
+        c.GenericOAuthenticator.authorize_url = "https://your-AWSCognito-domain/oauth2/authorize"
+        c.GenericOAuthenticator.token_url = "https://your-AWSCognito-domain/oauth2/token"
+        c.GenericOAuthenticator.userdata_url = "https://your-AWSCognito-domain/oauth2/userInfo"
+        c.GenericOAuthenticator.logout_redirect_url = "https://your-AWSCognito-domain/oauth2/logout"
 
-        tljh-config set auth.type oauthenticator.awscognito.AWSCognitoAuthenticator
+        # these are always the same
+        c.GenericOAuthenticator.login_service = "AWS Cognito"
+        c.GenericOAuthenticator.username_key = "username"
+        c.GenericOAuthenticator.userdata_method = "POST"
+        EOF
+
+        tljh-config set auth.type oauthenticator.generic.GenericOAuthenticator
 
         tljh-config reload
 
-Manual configuration to use the AWS Cognito Oauthenticator
+Manual configuration to use the AWS Cognito OAuthenticator
-============================================================
+==========================================================
 
-Assuming tljh has already been installed, we need to make sure the oautheneticator module is at 0.10.0 and if not 
+AWS Cognito is configured as a generic OAuth provider.
-do a pip install oauthenticator>=0.10.0
 
-Because the AWS Congito authenticator uses environment variables and the systemd script we need to pass the 
+Using your preferred editor create the config file::
-the AWS Cognito domain in via systemd we can do this by creating a systemd service overide file::
 
-        /etc/systemd/system/jupyterhub.service.d/jupyterhub.conf
+    /opt/tljh/config/jupyterhub_config.d/awscognito.py
 
-and add the following::
+substituting the relevant variables::
 
-        [Service]
+    c.GenericOAuthenticator.client_id = "[your app ID]"
-        Environment=AWSCOGNITO_DOMAIN=https://<<my_jupyter_hub>.auth.eu-west-1.amazoncognito.com
+    c.GenericOAuthenticator.client_secret = "[your app Password]"
+    c.GenericOAuthenticator.oauth_callback_url = "https://[your-jupyterhub-host]/hub/oauth_callback"
 
-Using your prefered editor create the config file::
+    c.GenericOAuthenticator.authorize_url = "https://your-AWSCognito-domain/oauth2/authorize"
+    c.GenericOAuthenticator.token_url = "https://your-AWSCognito-domain/oauth2/token"
+    c.GenericOAuthenticator.userdata_url = "https://your-AWSCognito-domain/oauth2/userInfo"
+    c.GenericOAuthenticator.logout_redirect_url = "https://your-AWSCognito-domain/oauth2/logout"
 
-        /opt/tljh/config/jupyterhub_config.d/awscognito.py
+    # these are always the same
-
+    c.GenericOAuthenticator.login_service = "AWS Cognito"
-subsituting the relevant variables::
+    c.GenericOAuthenticator.username_key = "username"
-
+    c.GenericOAuthenticator.userdata_method = "POST"
-        c.AWSCognitoAuthenticator.client_id='${client_id}'
-        c.AWSCognitoAuthenticator.client_secret='${client_secret}'
-        c.AWSCognitoAuthenticator.oauth_callback_url='${callback_url}'
-        c.AWSCognitoAuthenticator.username_key='username'
-        c.AWSCognitoAuthenticator.oauth_logout_redirect_url='${logout_url}'
 
 We'll use the ``tljh-config`` tool to configure your JupyterHub's authentication.
 For more information on ``tljh-config``, see :ref:`topic/tljh-config`.
 
-#. Tell your JupyterHub to *use* the AWS Cognito OAuthenticator for authentication::
+#. Tell your JupyterHub to use the GenericOAuthenticator for authentication::
 
-     tljh-config set auth.type oauthenticator.awscognito.AWSCognitoAuthenticator
+     tljh-config set auth.type oauthenticator.generic.GenericOAuthenticator
 
 #. Restart your JupyterHub so that new users see these changes::