in modules/jupyter/authentication/authenticator/gcpiapjwtauthenticator/gcpiapjwtauthenticator.py [0:0]
def get(self):
header_name = self.authenticator.header_name
auth_header_content = self.request.headers.get(header_name, "") if header_name else None
# Extract project ID, namespace, and backend config name from the authenticator
project_id = self.authenticator.project_id
namespace = self.authenticator.namespace
service_name = self.authenticator.service_name
print("Project ID:", project_id)
print("Namespace:", namespace)
print("Backend Config Name:", service_name)
# Construct the keyword from namespace and backend config name
keyword = namespace + "-" + service_name
print("Keyword:", keyword)
# List GCP backend services IDs based on the project ID and keyword
gcp_backend_services_ids = list_backend_services_ids(project_id, keyword)
print("GCP Backend Services IDs:", gcp_backend_services_ids)
# Construct expected audiences from the GCP backend services IDs
expected_audiences = [f"/projects/{self.authenticator.project_number}/global/backendServices/{service_id}" for service_id in gcp_backend_services_ids]
print("Expected Audiences:", expected_audiences)
if self.authenticator.header_name != "X-Goog-IAP-JWT-Assertion":
raise web.HTTPError(400, 'X-Goog-IAP-JWT-Assertion is the only accepted Header')
elif bool(auth_header_content) == 0:
raise web.HTTPError(400, 'Can not verify the IAP authentication content.')
else:
_, user_email, err = validate_iap_jwt(
auth_header_content,
expected_audiences
)
if err:
raise Exception(f'Ran into error: {err}')
else:
logging.info(f'Successfully validated!')
username = user_email.lower().split("@")[0]
user = self.user_from_username(username)
self.set_login_cookie(user)
self.redirect(url_path_join(self.hub.server.base_url, 'home'))