JupyterHub returns 403 when a user inheriting permissions from a group attempts log in

Summary

Users are unable to sign in to JupyterHub after it has been installed on a barebones Kubernetes cluster.

Steps to reproduce

1. Create a project on GitLab.com in a namespace with any subscription level.
2. Ensure that you are at least a Developer of that project.
3. Create a Kubernetes cluster through the GitLab integration.
4. Install Helm Tiller, Ingress, and JupyterHub.
5. Navigate to the nip.io JupyterHub URL provided once the installation of JupyterHub is complete.
6. Click Sign in with GitLab.
7. Authorize the application.
8. Observe a 403 error.

Example Project

• gitlab-silver/jupyter
• JupyterHub app URL

What is the current bug behavior?

The user is unable to sign in to the JupyterHub application that they just installed.

What is the expected correct behavior?

The user is able to sign in to their newly created JupyterHub installation.

Relevant logs and/or screenshots

Authorizing:

Error:

Output of checks

This bug happens on GitLab.com: 12.2.0-pre 0c1c17abba9

ZD: https://gitlab.zendesk.com/agent/tickets/130113 (Internal)

/cc @danielgruesso