Hi everyone
In one of my previous posts I asked if anyone had some experiences integrating FusionAuth and JupyterHub through an LTI authenticator. I am mostly done with that, but there are a few missing pieces in the puzzle (I will write my discoveries once I get everything sorted out)
The flow goes like this:
- I make a POST request to the Jupyterhub endpoint that starts the authorization flow:
hub/lti13/oauth_login
with some parameters to include the issuer, the login_hint and other needed parameters. - The endpoint is responsible to add some request parameters like the nonce, or the callback_url to then send the request to fusionauth
/oauth2/authorize
. - FusionAuth passes the id_token to the callback_url, which in turn checks that the necessary keys are correct (I added a Lambda function to add required LTI parameters)
- JupyterHub checks that everything is correct, and if so, it proceeds and redirects finally the user to the JupyterHub notebooks
So far so good, everything seems to be working fine. Except when I try to embed it in an iframe!
I was already logged in, but then it asks me to log in again inside the Iframe. But when I try it, it just loops and asks me again for my credentials. After checking the Network tab, when I try to log in fusionAuth by hitting the Submit button, it makes a POST request to /oauth2/authorize
, which returns a /oauth2/complete-registration
, which upon requesting, it returns again oauth2/authorize
(Hope that can be understood)
I already added the jupyterhub url in the Application "Authorized request origin URLs"
What I assume is that it is because of the cookies not being correctly passed, but I don't know how that affects the looping behaviour this presents
Can anyone shed some light please? I've been struggling with this during days and I dont know what else I can do :(.
Also, I really hope this is not the issue, but I am currently testing the frontend using localhost. JupyterHub and FA are already in (separate) https domains
Thank you very much,
Ivan