examples/service-whoami-flask: Add scope to user role

For ordinary users to access the service, they need an appropriate scope added to the user role. This adds that role in the jupyterhub_config.py, as well as a note about this in the README. It also updates the ouptut that comes form the whoami service.
thedataincubator · Jan 18, 2024 · 8a5fc80 · 8a5fc80
1 parent cc9d9e4
commit 8a5fc80
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 4 deletions.
diff --git a/examples/service-whoami-flask/README.md b/examples/service-whoami-flask/README.md
@@ -15,14 +15,19 @@ After logging in with your local-system credentials, you should see a JSON dump
 ```json
 {
   "admin": false,
-  "last_activity": "2016-05-27T14:05:18.016372",
+  "groups": [],
+  "kind": "user",
   "name": "queequeg",
-  "pending": null,
-  "server": "/user/queequeg"
+  "scopes": [
+    "access:services!service=whoami",
+    "read:users:groups!user=queequeg",
+    "read:users:name!user=queequeg"
+  ],
+  "session_id": "a32e59cdd7b445759c58c48e47394a38"
 }
 ```
 
-This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)).
+This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)).  For ordinary users to access this service, they need to be given the appropriate scope (again, see [jupyterhub_config.py](./jupyterhub_config.py)).
 
 A similar service could be run externally, by setting the JupyterHub service environment variables:
 

diff --git a/examples/service-whoami-flask/jupyterhub_config.py b/examples/service-whoami-flask/jupyterhub_config.py
@@ -6,6 +6,15 @@
         'environment': {'FLASK_APP': 'whoami-flask.py'},
     },
 ]
+c.JupyterHub.load_roles = [
+    {
+        'name': 'user',
+        'scopes': [
+            'access:services!service=whoami',
+            'self'
+        ]
+    }
+]
 
 # dummy auth and simple spawner for testing
 # any username and password will work