Skip to content

[CILogon] support callable username_claim#823

Open
minrk wants to merge 2 commits into
jupyterhub:mainfrom
minrk:cilogon_username_claim
Open

[CILogon] support callable username_claim#823
minrk wants to merge 2 commits into
jupyterhub:mainfrom
minrk:cilogon_username_claim

Conversation

@minrk

@minrk minrk commented Jun 19, 2026

Copy link
Copy Markdown
Member

restores compatibility with base class by allowing a callable, both on the class level OAuthenticator.username_claim, and on the per-idp level.

idp-level username_claim has priority, so class-level username_claim is only used when idp.username_derivation.username_claim is not defined.

closes #712 with by allowing callable username_claim but if we wanted a simple declarative solution to orcid (e.g. strip url prefix analogous to strip idp domain), we could also do that separately if it's likely to be common enough.

Example orcid config:

def orcid_username(user_info):
    assert user_info["idp"] == 'http://orcid.org/oauth/authorize'
    # Only modify usernames if orcid is used
    # oidc is of the form https://orcid.org/<orcid-id>
    return user_info['oidc'].split('/')[-1]

c.CILogonOAuthenticator.username_claim = orcid_username
c.CILogonOAuthenticator.idps = {
    'http://orcid.org/oauth/authorize': {
        'username_derivation': {
            # could set username_claim: callable here, too
            'action': 'prefix',
            'prefix': 'orcid',
    },
    'other': {
        'username_derivation': {
            'username_claim': 'sub', # username_claim callable not used
    },
}

only used when username_claim not specified
@minrk minrk requested review from consideRatio and yuvipanda June 19, 2026 18:06
Comment thread oauthenticator/cilogon.py

@consideRatio consideRatio left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a logging question, but otherwise lgtm!

@consideRatio consideRatio changed the title support callable username_claim in cilogon [CILogon] support callable username_claim in cilogon Jun 19, 2026
@consideRatio consideRatio changed the title [CILogon] support callable username_claim in cilogon [CILogon] support callable username_claim Jun 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[CILogon] Can not use orcid as username_claim directly

2 participants