{"id":13609181,"url":"https://github.com/cwaldbieser/jhub_remote_user_authenticator","last_synced_at":"2025-07-25T22:32:17.354Z","repository":{"id":2002228,"uuid":"45512482","full_name":"cwaldbieser/jhub_remote_user_authenticator","owner":"cwaldbieser","description":"REMOTE_USER authenticator for Jupyterhub.","archived":false,"fork":false,"pushed_at":"2022-03-31T20:04:45.000Z","size":29,"stargazers_count":41,"open_issues_count":9,"forks_count":36,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-16T19:39:22.414Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cwaldbieser.png","metadata":{"files":{"readme":"README.rst","changelog":"CHANGELOG.rst","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-11-04T03:17:18.000Z","updated_at":"2024-05-09T21:52:04.000Z","dependencies_parsed_at":"2022-08-06T11:16:43.746Z","dependency_job_id":null,"html_url":"https://github.com/cwaldbieser/jhub_remote_user_authenticator","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fjhub_remote_user_authenticator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fjhub_remote_user_authenticator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fjhub_remote_user_authenticator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwaldbieser%2Fjhub_remote_user_authenticator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cwaldbieser","download_url":"https://codeload.github.com/cwaldbieser/jhub_remote_user_authenticator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227621849,"owners_count":17795021,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T19:01:33.089Z","updated_at":"2024-12-01T20:13:06.876Z","avatar_url":"https://github.com/cwaldbieser.png","language":"Python","funding_links":[],"categories":["JupyterHub认证"],"sub_categories":[],"readme":"====================================\nJupyterhub REMOTE_USER Authenticator\n====================================\n\nAuthenticate to Jupyterhub using an authenticating proxy that can set\nthe REMOTE_USER header.\n\n-----------------------------------------\nArchitecture and Security Recommendations\n-----------------------------------------\n\nThis type of authentication relies on an HTTP header, and a malicious\nclient could spoof the REMOTE_USER header.  The recommended architecture for this\ntype of authentication requires that an authenticating proxy be placed in front\nof your Jupyterhub.  Your Jupyerhub should **only** be accessible from the proxy\nand **never** directly accessible by a client.  \n\nThis type of access is typically enforced with network access controls.  E.g. in\na simple case, the host on which the Jupyterhub service accepts incoming requests\nhas its host based firewall configured to only accept incoming connections from\nthe proxy host.\n\nFurther, the authenticating proxy should make sure it removes any REMOTE_USER\nheaders from incoming requests and only applies the header to proxied requests\nthat have been properly authenticated.\n\n------------\nInstallation\n------------\n\nThis package can be installed with `pip` either from a local git repository or from PyPi.\n\nInstallation from local git repository::\n\n    cd jhub_remote_user_authenticator\n    pip install .\n\nInstallation from PyPi::\n\n    pip install jhub_remote_user_authenticator\n\nAlternately, you can add the local project folder must be on your PYTHONPATH.\n\n-------------\nConfiguration\n-------------\n\nYou should edit your :file:`jupyterhub_config.py` to set the authenticator \nclass::\n\n    c.JupyterHub.authenticator_class = 'jhub_remote_user_authenticator.remote_user_auth.RemoteUserAuthenticator'\n\nYou should be able to start jupyterhub.  The \"/hub/login\" resource\nwill look for the authenticated user name in the HTTP header \"REMOTE_USER\" [#f1]_.\nIf found, and not blank, you will be logged in as that user.\n\nAlternatively, you can use `RemoteUserLocalAuthenticator`::\n\n    c.JupyterHub.authenticator_class = 'jhub_remote_user_authenticator.remote_user_auth.RemoteUserLocalAuthenticator'\n\nThis provides the same authentication functionality but is derived from\n`LocalAuthenticator` and therefore provides features such as the ability\nto add local accounts through the admin interface if configured to do so.\n\n.. [#f1] The HTTP header name is configurable.  Note that NGINX, a popular\n   proxy, drops headers that contain an underscore by default. See\n   http://nginx.org/en/docs/http/ngx_http_core_module.html#underscores_in_headers\n   for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwaldbieser%2Fjhub_remote_user_authenticator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcwaldbieser%2Fjhub_remote_user_authenticator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwaldbieser%2Fjhub_remote_user_authenticator/lists"}