give authorizer handle on identity provider

In many cases of custom implementations,
these two will have some coupling.
So it makes sense for the Authorizer to have access to the identity provider
for shared info.

e.g. the HubAuth object, when working with JupyterHub.

Author: minrk

jupyter_server/auth/authorizer.py

@@ -7,11 +7,12 @@
 """
 # Copyright (c) Jupyter Development Team.
 # Distributed under the terms of the Modified BSD License.
+from traitlets import Instance
 from traitlets.config import LoggingConfigurable
 
 from jupyter_server.base.handlers import JupyterHandler
 
-from .identity import User
+from .identity import IdentityProvider, User
 
 
 class Authorizer(LoggingConfigurable):
@@ -34,6 +35,8 @@ class Authorizer(LoggingConfigurable):
     .. versionadded:: 2.0
     """
 
+    identity_provider = Instance(IdentityProvider)
+
     def is_authorized(
         self, handler: JupyterHandler, user: User, action: str, resource: str
     ) -> bool:

jupyter_server/base/handlers.py

@@ -220,7 +220,8 @@ def authorizer(self):
             from jupyter_server.auth import AllowAllAuthorizer
 
             self.settings["authorizer"] = AllowAllAuthorizer(
-                config=self.settings.get("config", None)
+                config=self.settings.get("config", None),
+                identity_provider=self.identity_provider,
             )
 
         return self.settings.get("authorizer")

jupyter_server/serverapp.py

@@ -217,23 +217,23 @@ def __init__(
         authorizer=None,
         identity_provider=None,
     ):
-        if authorizer is None:
+        if identity_provider is None:
             warnings.warn(
-                "authorizer unspecified. Using permissive AllowAllAuthorizer."
-                " Specify an authorizer to avoid this message.",
+                "identity_provider unspecified. Using default IdentityProvider."
+                " Specify an identity_provider to avoid this message.",
                 RuntimeWarning,
                 stacklevel=2,
             )
-            authorizer = AllowAllAuthorizer(parent=jupyter_app)
+            identity_provider = IdentityProvider(parent=jupyter_app)
 
-        if identity_provider is None:
+        if authorizer is None:
             warnings.warn(
-                "identity_provider unspecified. Using default IdentityProvider."
-                " Specify an identity_provider to avoid this message.",
+                "authorizer unspecified. Using permissive AllowAllAuthorizer."
+                " Specify an authorizer to avoid this message.",
                 RuntimeWarning,
                 stacklevel=2,
             )
-            identity_provider = IdentityProvider(parent=jupyter_app)
+            authorizer = AllowAllAuthorizer(parent=jupyter_app, identity_provider=identity_provider)
 
         settings = self.init_settings(
             jupyter_app,
@@ -1861,8 +1861,10 @@ def init_configurables(self):
             parent=self,
             log=self.log,
         )
-        self.authorizer = self.authorizer_class(parent=self, log=self.log)
         self.identity_provider = self.identity_provider_class(parent=self, log=self.log)
+        self.authorizer = self.authorizer_class(
+            parent=self, log=self.log, identity_provider=self.identity_provider
+        )
 
     def init_logging(self):
         # This prevents double log messages because tornado use a root logger that