After a lot of trial and error, this is the basic working configuration I have found:
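# JupyterHub Helm values (zero-to-jupyterhub): authenticate hub users against
# Dex through the generic OAuth2/OIDC authenticator. Nesting restored; the
# pasted original had lost its indentation.
hub:
  config:
    # https://zero-to-jupyterhub.readthedocs.io/en/latest/administrator/authentication.html#id1
    # The endpoint URLs below can be cross-checked against Dex's discovery
    # document:
    # https://dex.somedomain.net/.well-known/openid-configuration
    GenericOAuthenticator:
      # Must equal the `id` of the matching Dex staticClients entry.
      client_id: JupyterHub-auth
      # Placeholder value. It has to match the Dex client `secret`
      # byte-for-byte; note the trailing space inside the quotes is part of
      # the string. Keep the real secret out of version control (supply it
      # from a Kubernetes Secret or a values file that is not committed).
      client_secret: "some long quoted value "
      # NOTE(review): the host here is `jupyterhubro.somedomain.net`, while
      # the Dex redirectURIs on this page list `jupyterhub.somedomain.net`.
      # Dex compares redirect URIs exactly, so one of the two needs to be
      # corrected - confirm which hostname is real.
      oauth_callback_url: https://jupyterhubro.somedomain.net/hub/oauth_callback
      authorize_url: https://dex.somedomain.net/auth
      token_url: https://dex.somedomain.net/token
      userdata_url: https://dex.somedomain.net/userinfo
      # Label shown on the hub login button.
      login_service: dex
      # The claim chosen here becomes the JupyterHub username.
      # NOTE(review): `name` is usually a display name; verify that the Dex
      # connector fills it from a unique attribute users cannot edit,
      # otherwise two identities could map to the same hub account.
      username_key: name
      # While this stays commented out, this file applies no group
      # restriction. Who may log in then depends on the OAuthenticator
      # version's defaults and on what Dex's connector admits - confirm
      # before exposing the hub.
      # allowed_groups: ["your group"]
      # Extra parameters sent with the userdata_url request.
      userdata_params:
        state: state
      # `groups` asks Dex for group claims; presumably only needed once
      # group-based authorization is enabled.
      scope:
        - openid
        - groups
        - profile
        - email
    JupyterHub:
      authenticator_class: generic-oauth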
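# Dex Helm values: OIDC provider that JupyterHub authenticates against.
# Nesting restored; the pasted original had lost its indentation.
# See the [official documentation](https://dexidp.io/docs/).
# https://github.com/dexidp/dex/blob/master/config.yaml.dist
# https://github.com/dexidp/dex/blob/master/examples/config-dev.yaml
# https://github.com/laurelnaiad/k8s-on-eoan/blob/master/k8s-config/dex.sh
# https://dexidp.io/docs/connectors/ldap/
config:
  # Clients compare the token's `iss` claim against this value.
  issuer: https://dex.somedomain.net/
  storage:
    type: kubernetes
    config:
      inCluster: true
  web:
    # Plain-HTTP listener on all interfaces. This assumes TLS is terminated in
    # front of Dex (ingress / load balancer) and that port 5556 is not
    # reachable from outside the cluster - confirm.
    http: 0.0.0.0:5556
    # CORS allow-list.
    # NOTE(review): confirm Dex honours a `*.domain` pattern here; browser
    # Origin values include the scheme, so an explicit list of
    # `https://host` origins is easier to reason about.
    allowedOrigins: ['*.somedomain.net']
  staticClients:
    # https://zero-to-jupyterhub.readthedocs.io/en/latest/administrator/authentication.html#id1
    - id: JupyterHub-auth
      name: JupyterHub-auth
      # Placeholder value. It has to match the hub's `client_secret`
      # byte-for-byte; the trailing space inside the quotes is part of the
      # string. Keep the real secret out of version control.
      secret: "some long quoted value "
      # Dex only redirects to URIs listed here, compared exactly.
      # NOTE(review): the hub config on this page uses the host
      # `jupyterhubro.somedomain.net` in oauth_callback_url; these entries
      # say `jupyterhub.somedomain.net`. Confirm which is correct.
      redirectURIs:
        - https://jupyterhub.somedomain.net/hub/oauth_callback
        # Plain-HTTP callback disabled: the authorization code would cross
        # the network unencrypted, and the hub's oauth_callback_url is https.
        # - http://jupyterhub.somedomain.net/hub/oauth_callback
      # NOTE(review): JupyterHub is a server-side client that holds a secret,
      # i.e. a confidential client. `public: true` is meant for native/CLI
      # clients that cannot keep one; check whether login still works with
      # this removed and drop it if so.
      public: true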