Federated Authentication Utilizing Auth0
Auth0 is an OAuth2-based authentication provider that allows use of disparate authentication mechanisms within a single application. Because research environments are often hosted by large enterprises with varying degrees of compliance concerns, leveraging existing authentication mechanisms and access controls tends to be a requirement. Auth0 supports integration with disparate existing SAML, LDAP, OAuth2 or other authentication services across institutional boundaries and exposes these services through a single OAuth2 provider.
By using our Auth0OAuthenticator implementation, which was released in the latest public JupyterHub distributions on PyPi and GitHub, a JupyterHub instance can authenticate users against one or more institutional or social authentication providers through the Auth0 service.
Volume-Naming Extension Point for DockerSpawner
JupyterHub's DockerSpawner implementation allows a user's Jupyter Notebook server to be started using a Docker image. This facilitates default package configuration for operations personnel and allows the user themselves to recover a crashed Jupyter server in a matter of seconds without help.
Because named Docker volumes are mapped to folders with UUIDs as their names by default, it is preferrable for ease of backup and management operations to use host mapped Docker volumes with sensible names instead. By default, host mapped volumes created in JupyterHub use the unescaped username as a volume name. Because our Auth0OAuthenticator uses email addresses as usernames, the @ sign results in an illegal Docker volume name. To work around this limitation, we have contributed back to the JupyterHub community an extension point to configure custom volume naming logic.
The DockerSpawner implementation, which was released in the latest public JupyterHub distributions on PyPi and GitHub, includes this extension point and supporting documentation.