I am trying to configure Jupyterhub using these instructions.
However, instead of Github authentication I would like to use either
1) Rstudio server like authentication where credentials are the same as linux user ones, or
2) I would like to integrate it with my Django app where the users can login through the Django app login credentials. Something like Coursera has done here: https://hub.coursera-notebooks.org/hub/login (maybe with a different framework)
How can i do it?
Rstudio server like authentication where credentials are the same as linux user ones
This is the default behavior of JupyterHub, which uses the PAMAuthenticator to login with existing system usernames and passwords.
I would like to integrate it with my Django app where the users can login through the Django app login credentials.
This would mean writing an Authenticator. If your django app is an OAuth provider, you can use the oauthenticator package, which implements logging in with OAuth2. You can write your own subclass of the base OAuthenticator that talks to your application, using the various implementations in that repo as an example.
If your application is not an OAuthenticator, you may need to start from the base Authenticator class and define .authenticate() method.
If you proxy JupyterHub behind your django app, the simplest way to authenticate is to check a header that the proxy sets for authenticated users (and make sure that only authenticated requests arrive at the Hub). The RemoteUserAuthenticator is one such example that relies on the REMOTE_USER header set by Apache during login.
Related
I am developing web platform which has to have 3 type of users (user, admin, partner companies). For the authentication I am considering to use google Identity platform with multitenancy (probably users in one tenant and admins are in different tenant).
As I understand from documentation, how do we integrate identity platform to our application is to create identity platform provider from console and integrate it into frontend with UI. From front-end, without contacting backend service we can sign up, login and logout by calling firebase SDK and it will give us authentication token. From backend I can check that token with middleware and decide if I agree the user as authenticated or not. Correct me if I am wrong.
Then I can get some metadata of authenticated user from the token, maybe email or name etc. But I want to store user related information on noSQL database as well. For example, if user wants to change his email I need to handle it in backend server, also, I'd like to store users log (access and audit log on somewhere else). In case of, I am using frontend UI and SDK how do log the access and audit information on my backend? also, when changing user's information, do I just write handler function in backend end update user's data with REST API or Admin SDK? what is the best practice over here? Or should I better write my own login and logout function on my backend then call REST API or Admin SDK? is there preferred way? Google is showing me only integration way of authentication from frontend?
BTW, I am deploying backend application on google cloud run, and frontend would be developed in react and should be deployed maybe in firebase or in cloud run as well.
Thanks
As per the Documentation,Yes your understanding is correct to integrate identity platform to the application.
You can store the user related information on a noSQL database like Firestore or Firebase Realtime Database. You can write the Rest API to change or update the user's information in the database.
If you want to write your own login and logout function, I don’t think it is necessary because Firebase Admin SDK provides these features. But if you want to manage user authentication in the backend for specific requirements, you can write your own login and logout function on the backend and use the Firebase Admin SDK.
For access and audit log information you can use Firebase Analytics, Firebase Analytics helps you understand what your users are doing in your app. It has all of the metrics that you’d expect in an app analytics tool combined with user properties like device type, app version, and OS version to give you insight into how users interact with your app.
But finally, the best way would depend on your requirements and use case.
I am trying to implement a Authentication Server using Django which will be used only for user authentication.
We have multiple services hosted on different subdomains like one.service.com, two.service.com, three.service.com etc. And we don't want our users to memorize/use different login credentials for each service. We want a system where user can authenticate themselves through the auth server and can access all the services of the subdomains.
Just think about Google or Microsoft, we just need one login credential and then we can access all of their services.
How can I implement this type of system for our services using Django ??
Note: We are primarily using JWTAuthentication for our servers.
Use SSO with SimpleJWT is the best and easier approach.
in Django settings set SESSION_COOKIE_DOMAIN to all subdomains use cookies and save tokens on that
check links for detail
I'm trying to setup OpenWisp Django-IPAM with WebUI authentication via LDAP. We have an OpenLDAP server within our network and I am looking to use a simple LDAP lookup to check for a valid user object for login.
I see that the API's generics.py file has an authentication_classes section, which then contains SessionAuthentication and BasicAuthentication.
Is this the same mechanism that handles the authentication for the Web UI? Is there a way to configure OpenWisp Django-IPAM to use something like Django-Auth-LDAP for authentication when logging into the web interface?
the authentication of the web UI of OpenWISP Django-IPAM works like default authentication of other django projects. So to use LDAP authentication at the web UI, you simply need to edit your settings.py file to contain the setups as shown here.
Something like django-auth-ldap will help, but users will have to start a session by authenticating against the django authentication backends before being able to use the API (eg: login via the admin or provide another login view).
After a successful LDAP authentication using the method mentioned above, a new local user will be created, which maps the LDAP user.
I'm not sure if LDAP authentication requires a redirect to another application (like oauth2 or SAML) or if username and password are just redirected behind the scenes, in the latter case, BasicAuthentication should work, I just look at its code and it looks like it respect the standard django authentication framework, which supports multiple authentication backends (the LDAP backend is provided by the third party app suggested above).
A sidenote: we're moving the development of django-ipam to openwisp-ipam, It's mostly the same. I suggest you to upgrade.
I already have a django app running on App Engine, but the current user authentication is provided by Djoser, which uses a simple token authentication.
Now I want to write some new APIs to third party applications to allow them to access user data. So I need to implement the OAuth2.0 authentication.
I found some libraries such as django-oauth-toolkit. But the tutorial assumes that you build your app and database from scratch. So I wonder if there's a way to use my current user database to do OAuth2.0 authentication, instead of asking the user to signup again with the same username. Thanks.
So there's no need to start all over again from a new user database. One can continue using whatever authentication methods currently being used to register users. Just write a new app (for the new APIs) and add OAuth2 and run a database migration, which will build several tables needed by OAuth2.
When the OAuth2 authentication process starts, these tables will be filled with grants and access tokens and client application related info.
I'm running a Django app, and I'd like to make a Chrome extension to allow users to post content. My users can sign in via Twitter, Facebook, and Google (via python-social-auth). I presently do not require accounts to have passwords, so there's no way to log in outside of the oAuth2 methods. How can I authenticate users in the Chrome extension to allow them to post?
The workflow would be something like this:
Install Chrome extension
Authenticate with my site, which has no password-based user accounts
Interact with my API (w/ authentication also via separate oAuth2 consumer, presumably)
I was able to read the user's session cookie from my site's domain and interact with my API w/o a problem.