Normalization of GitHub Usernames causing issues with System Usernames for home directory access

[mubdi]

Bug description

While this may not be explicitly a bug, it's a series of interactions that make life challenging for our particular setup. In our setup, we have a deployed multiuser system, where user accounts are created by ansible from membership within a GitHub team. We don't have any say over our user's GitHub usernames, but being that it is GitHub, they are all valid POSIX usernames. We're running a Jupyterhub instance (through Docker) where we are using Github Oauth for authentication, and the System User Spawner from the DockerSpawner to have the users' home space be mounted within the raised docker container.

For users with usernames only using lowercase characters, everything works as expected. However, if a user has a mixed case username, the spawner fails since the normalized username cannot be found as a system user. The alternatives we've looked at are:

1. Using the c.GitHubOAuthenticator.username_map parameter for usernames with mixed case (which is slightly annoying as user maintenance requires conditional changes to the jupyterhub_config.py script), or
2. Implementing a version of the GithubOAuthenticator class with normalize_username overridden (as is the case with the Mediawiki authenticator as discussed in Preserve case for usernames in MWOAuthenticator #168).

Based on Issue #52, the normalization is done by design, but with the Mediawiki authenticator breaking that convention, is it truly a necessity of JupyterHub and/or the Oauthenticator package? Downstream, this requirement for usernames to be fully lowercase has been taken as necessary by packages like DockerSpawner, requiring the use of the legacy username normalizer, which isn't optimal from a security standpoint. (I will be shortly posting a similar issue with DockerSpawner).

So, the questions are:

1. For the case where we need GitHub usernames to exactly match the system user names, is there a configuration option to turn off username normalization (beyond what I had described above)?
2. Is requiring all usernames to be lowercase a mandatory requirement by design? Or is it possible to open this to any valid character from a POSIX username?

Your personal set up

We are using the JupyterHub docker container (v4.0.1) on a multiuser Ubuntu host VM.

• OS:
  Ubuntu 20.04
• Version(s):
  JupyterHub: 4.0.1
  Oauthenticator: 16.0.1
  Dockerspawner: 12.1.0

[welcome]

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗

If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.

You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋

Welcome to the Jupyter community! 🎉

[mubdi]

Related DockerSpawner issue here: jupyterhub/dockerspawner#495