-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Globus] Users with the same userid in different identity domains map to the same user #527
Comments
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗 |
Have you tried setting |
I didn't, but I think this will not make much a difference because the email domain is also chopped to form the username which results in the same issue. |
I believe originally disabling the identity provider restriction altogether used to raise an exception and was not allowed, but was relaxed in favor of some use-cases where admins wanted to use multiple identity providers but take on the task of generating unique usernames themselves. However, these two things aren't mutually exclusive. If an admin disables the identity provider restriction, then A simple solution would be to update the OAuthenticator docs to warn admins about overriding |
Bug description
When using the GlobusOAuthenticator without restricting the identity provider, users with the same userid at different
identity providers are mapped to the same JupyterHub user.
Expected behaviour
Users coming from different identity providers should be mapped to different users in JupyterHub.
Actual behaviour
Example: A user with a google account
[email protected]
and another user with userid[email protected]
, will both be mapped to userjohn.doe
in JupyterHub.The relevant code is at
oauthenticator/oauthenticator/globus.py
Line 279 in 5837ca9
How to reproduce
Create a google account with the same userid as your institutional userid. For example, if your institutional identity is "[email protected]", then create a Google account
[email protected]
.Log in with both accounts, both will have access to the same user
u1234567
on JupyterHub.The text was updated successfully, but these errors were encountered: