Skip to content

Labs deployment + Cognito Auth updates #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ccjoel merged 15 commits into from
Nov 25, 2025
Merged

Labs deployment + Cognito Auth updates #181

ccjoel merged 15 commits into from
Nov 25, 2025

Conversation

@ccjoel
Copy link
Contributor

@ccjoel ccjoel commented Nov 24, 2025

No description provided.

mattprintz and others added 13 commits November 19, 2025 14:10
@mattprintz
Merge from server-upgrades/server-traitlet-refactor
25c6926
@mattprintz
Merge from labs-beakerhub-api-changes-v2
cff81de
@mattprintz
Cleanup and current_user fix
d8e1fe6
@mattprintz
Adding cognito.py that was missed before
47e3087
@ccjoel
Restore create session with user-selected context functionality.
0905ff6
@ccjoel
Tested cognito auth working, as well as creating new kernel session w…
cb367f7 
…ith user-specified context.
@ccjoel
Remove pending commented diff markers.
6bf1ac7
@ccjoel
Protect against CSRF naturally with strict samesite cookie policy.
3b30cdd
@ccjoel
Merge remote-tracking branch 'origin/dev' into labs-3-way-merge
94280e3
@ccjoel
Restoring imports on beaker_kernel/service/base/py aftermerge
ae6c4ac
@ccjoel
When running as non-root locally (usually local dev)- don't throw an …
667d5e0 
…exceptio if

unable to change user home dir permissions. Clean updates to cognito.py. xsrf
endpoint to add xsrf token on cookies for BeakerHub to use before we hit
beaker-kernel endpoints.
@ccjoel
Added readme not on how to condifure cognito authorizer.
cdabe3f
@ccjoel
Change to ensure it works with NotebookAuthorizer even though we adde…
92255b7 
…d home dir (on auth/__init__.py).
@ccjoel ccjoel requested a review from mattprintz November 24, 2025 16:30
@ccjoel ccjoel marked this pull request as ready for review November 24, 2025 16:30
ccjoel
ccjoel commented Nov 24, 2025
View reviewed changes
beaker_kernel/service/auth/__init__.py Outdated
if result and not isinstance(result, BeakerUser):
# Convert standard User to BeakerUser
logging.debug(f"Converting {type(result).__name__} to BeakerUser")
result = BeakerUser(
Copy link
Contributor Author

@ccjoel ccjoel Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mattprintz this is what I mentioned on today's sync re: having issues with the user "not being a BeakerUser" when using the default Notebook Identity Provider. Without this I wasn't able to run with the base provider.

ccjoel
ccjoel commented Nov 24, 2025
View reviewed changes
beaker_kernel/service/base.py
shutil.chown(virtual_home_dir, user=subkernel_user, group=subkernel_user)
# Try to change ownership if running as root/privileged user
try:
shutil.chown(virtual_home_dir, user=subkernel_user, group=subkernel_user)
Copy link
Contributor Author

@ccjoel ccjoel Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Had to add try/catch so this would work with default identity provider (nor cognito), else it would crash. I can't recall if this was needed for using with the CognitoAppManagedIdentityHeadersProvider as well

ccjoel
ccjoel commented Nov 24, 2025
View reviewed changes
beaker_kernel/service/base.py
"""

@web.authenticated
async def get(self):
Copy link
Contributor Author

@ccjoel ccjoel Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the BeakerHub UI (Dashboard, etc) to use the token in its cookies. Fetched once by UI as long as the cookie is valid and still on Headers.

mattprintz
mattprintz approved these changes Nov 25, 2025
View reviewed changes
Copy link
Collaborator

@mattprintz mattprintz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@ccjoel ccjoel merged commit b5a29ff into dev Nov 25, 2025
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mattprintz mattprintz mattprintz approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ccjoel @mattprintz