From fe57127a423e8366d86248a7b5745bfaea2038f3 Mon Sep 17 00:00:00 2001
From: sean-morris <sean.smorris@gmail.com>
Date: Thu, 27 Jun 2024 16:44:30 -0700
Subject: [PATCH] [Cloudbank] LACC GithubOauth

---
 config/clusters/cloudbank/lacc.values.yaml | 51 ++++------------------
 1 file changed, 9 insertions(+), 42 deletions(-)

diff --git a/config/clusters/cloudbank/lacc.values.yaml b/config/clusters/cloudbank/lacc.values.yaml
index 9054bfee6b..65a0ec8e43 100644
--- a/config/clusters/cloudbank/lacc.values.yaml
+++ b/config/clusters/cloudbank/lacc.values.yaml
@@ -26,47 +26,14 @@ jupyterhub:
   hub:
     config:
       JupyterHub:
-        authenticator_class: cilogon
-      CILogonOAuthenticator:
-        oauth_callback_url: "https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback"
-        allowed_idps:
-          http://google.com/accounts/o8/id:
-            default: true
-            username_derivation:
-              username_claim: "email"
-      OAuthenticator:
-        # WARNING: Don't use allow_existing_users with config to allow an
-        #          externally managed group of users, such as
-        #          GitHubOAuthenticator.allowed_organizations, as it breaks a
-        #          common expectations for an admin user.
-        #
-        #          The broken expectation is that removing a user from the
-        #          externally managed group implies that the user won't have
-        #          access any more. In practice the user will still have
-        #          access if it had logged in once before, as it then exists
-        #          in JupyterHub's database of users.
-        #
-        allow_existing_users: True
+        authenticator_class: github
+      GitHubOAuthenticator:
+        oauth_callback_url: https://lacc.cloudbank.2i2c.cloud/hub/oauth_callback
+        allowed_organizations:
+          - LACC-Statistical-Data-Analytics
+        scope:
+          - read:org
       Authenticator:
-        # WARNING: Removing a user from admin_users or allowed_users doesn't
-        #          revoke admin status or access.
-        #
-        #          OAuthenticator.allow_existing_users allows any user in the
-        #          JupyterHub database of users able to login. This includes
-        #          any previously logged in user or user previously listed in
-        #          allowed_users or admin_users, as such users are added to
-        #          JupyterHub's database on startup.
-        #
-        #          To revoke admin status or access for a user when
-        #          allow_existing_users is enabled, first remove the user from
-        #          admin_users or allowed_users, then deploy the change, and
-        #          finally revoke the admin status or delete the user via the
-        #          /hub/admin panel.
-        #
         admin_users:
-          - PINEDAEM@laccd.edu
-          - LAMKT@laccd.edu
-          - sarvikb@lacitycollege.edu
-          - ericvd@berkeley.edu
-          - k_usovich@berkeley.edu
-          - sean.smorris@berkeley.edu
+          - sean-morris
+          - pineda0021