Support needed for Oathenticator's Azure AD signin with TLJH

[tamasSzentandrasi]

Proposed change

Currently, Oauthenticator uses azuread.py to handle the cases where tljh-config contains azuread as the auth type. It seems to primarily use environmental variables to get the required details for the construction of a valid redirect url. However, simply by making sure the only referenced 'AAD_TENANT_ID' is valid, it fails to include other necessary configuration details, that have been given in the tljh config below.

The contents of tljh-config (reload was successful - active):

spec:
  env:
    name: AAD_TENANT_ID
    value: <valid Azure AD Tenant ID>
auth:
  type: azuread
  azuread:
    client_id: <client_id>
    client_secret: <client_secret>
    callback_url: https://<ourdomain>/hub/callback
    tenant_id: <same valid Azure AD Tenant ID>
cert_reqs: CERT_REQUIRED

I've already submitted a Bug report on the Oauthenticator side, However the issue is between TLJH and Oauthenticator, and thus the solution has to be some sort of support from both sides to allow this use-case for authentication.

[nickmachairas]

I run into the exact same problem just now. I assume there are no fixes yet? Thanks

[consideRatio]

• Don't use auth.azuread, but use auth.AzureADOAuthenticator when configuring tljh.
• When we bump to a modern version of oauthenticator, I think you can avoid needing to configure the environment variables at all, see Bump to recent versions, and make bootstrap.py update to those when run #719 and Running pip install oauthenticator==1.* should include the --upgrade flag - right? #732 about that version bump.

I'll close this ahead of time as something to be handled by #719 and #732 and fixing the config.

[arun-soliton]

@tamasSzentandrasi I have a similar use case too and I am unable to configure Azure AD for tljh. Were you able to do it, if so can you kindly guide me with the steps?