[Auth0] Using Auth0 usernames instead of email addresses
See original GitHub issueI noticed that https://github.com/jupyterhub/oauthenticator/blob/master/oauthenticator/auth0.py
appears to hardcode use of email address as the username when using Auth0. Is there a way to allow Auth0 USERNAME as the JupyterHub username? It would make my life a lot easier to not have usernames locked to email addresses.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:1
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Adding Username for Database Connections - Auth0
Adding Username for Database Connections. For database connections, you can have your users sign in with a username instead of their email address....
Read more >Username set as email, how to change so that ID or Name ...
Hi Auth0 Fam,. With my current implementation of Auth0 it's using the users email as their username & firstname.
Read more >Does Auth0 support non-email based login (phone number ...
Answer: Auth0 supports passwordless authentication with SMS, this method allows the user to sign in with a phone number instead of email.
Read more >Nickname contains the beginning of the email address instead ...
Hi all, I have turned on the “requires username” switch in the database - Username-Password-Authentication settings. Auth0 indeed asks the ...
Read more >Does Auth0 Support non-email based login like phone ...
JWT How to login with username or with phone and not with email? Does Auth0 support non-email based login (phone number, username)?. Using...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
OK, I attempted to set up the generic Oauth authenticator, using the following settings (these are from TLJH config):
and this just seems to generate a
ERR_TOO_MANY_REDIRECTS
in Chrome. 😦I also, as a brute force approach, tried to edit my auth0.py file and replaced
'name': resp_json["email”]
with'name': resp_json["username”]
but that triggered a 500 Server error, the TLJH logs indicating that this is becauseI would really appreciate if someone can find some way to use Auth0 usernames as the account names for JupyterHub.
Writing this out after working through this myself…
You’ll need to check that your scope actually includes the username, and that auth0 is returning a username (which will depend on what you’re using to authenticate with auth0 itself). A scope defines what information will be returned about the user.
There are three ‘scopes’ available with auth0: openid, email and profile. It’s likely you’re using the first two and need to add ‘profile’ by specifying this in your jupyterhub_config.py:
c.Auth0OAuthenticator.scope = ['openid', 'email', 'profile']
This will expose these fields in the auth0 userinfo response:
name, family_name, given_name, middle_name, nickname, picture, and updated_at
From my brief testing with auth0’s built-in user database (as opposed to connecting to a third-party auth platform), the ‘username’ field appears to be exposed as ‘nickname’ in the /userinfo response:
{"sub": "auth0|12345", "nickname": "myusernamehere", "name": "myemail@email.com", "picture": "", "updated_at": "2019-11-07T13:33:58.827Z", "email": "myemail@email.com", "email_verified": false}
…and so, after including the ‘profile’ scope in jupyterhub_config.py, I could reference this username in auth0.py by replacing email with ‘nickname’:
If you’re using a different source for authentication (e.g. Active Directory, Google, Facebook), it’s possible you’ll need to do some playing to see if the username is exposed in the ‘profile’ scope, or if you need to expose it manually using auth0 rules (which is a whole other game).
To help see the actual response JupyterHub is getting from auth0, I found it easy to just dump this to a file by adding this code…
…after:
…which just dumps the json response into a file in my home directory.
More reading: https://auth0.com/docs/scopes/current/oidc-scopes
Best of luck!