From 8a5fc8044aa8b1f96a157efd8562091b92529ad4 Mon Sep 17 00:00:00 2001
From: Robert Schroll <rschroll@gmail.com>
Date: Thu, 18 Jan 2024 15:15:44 -0800
Subject: [PATCH] examples/service-whoami-flask: Add scope to user role

For ordinary users to access the service, they need an appropriate
scope added to the user role.  This adds that role in the
jupyterhub_config.py, as well as a note about this in the README.
It also updates the ouptut that comes form the whoami service.
---
 examples/service-whoami-flask/README.md            | 13 +++++++++----
 examples/service-whoami-flask/jupyterhub_config.py |  9 +++++++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/examples/service-whoami-flask/README.md b/examples/service-whoami-flask/README.md
index b90f4f4401..e236c5cd31 100644
--- a/examples/service-whoami-flask/README.md
+++ b/examples/service-whoami-flask/README.md
@@ -15,14 +15,19 @@ After logging in with your local-system credentials, you should see a JSON dump
 ```json
 {
   "admin": false,
-  "last_activity": "2016-05-27T14:05:18.016372",
+  "groups": [],
+  "kind": "user",
   "name": "queequeg",
-  "pending": null,
-  "server": "/user/queequeg"
+  "scopes": [
+    "access:services!service=whoami",
+    "read:users:groups!user=queequeg",
+    "read:users:name!user=queequeg"
+  ],
+  "session_id": "a32e59cdd7b445759c58c48e47394a38"
 }
 ```
 
-This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)).
+This relies on the Hub starting the whoami service, via config (see [jupyterhub_config.py](./jupyterhub_config.py)).  For ordinary users to access this service, they need to be given the appropriate scope (again, see [jupyterhub_config.py](./jupyterhub_config.py)).
 
 A similar service could be run externally, by setting the JupyterHub service environment variables:
 
diff --git a/examples/service-whoami-flask/jupyterhub_config.py b/examples/service-whoami-flask/jupyterhub_config.py
index 71e890d9d6..32fdfd81ec 100644
--- a/examples/service-whoami-flask/jupyterhub_config.py
+++ b/examples/service-whoami-flask/jupyterhub_config.py
@@ -6,6 +6,15 @@
         'environment': {'FLASK_APP': 'whoami-flask.py'},
     },
 ]
+c.JupyterHub.load_roles = [
+    {
+        'name': 'user',
+        'scopes': [
+            'access:services!service=whoami',
+            'self'
+        ]
+    }
+]
 
 # dummy auth and simple spawner for testing
 # any username and password will work