Hi,

This is a request feature to use the OPA Agent instead of assertion parts of EAS.
With this we can use a common DSL language (rego) to create policies for authz.

Bug description

Unable to restrict access to users that are a member of specific groups in LDAP authenticated through Jupyterhub

Expected behaviour

Restricted access to members of the group specified in basedn

Actual behaviour

ldap users other than group members are able to access

How to reproduce

I am able to reproduce the issue at my end with the below steps.

1

If user tries to modify permissions of a group he does not have permission to modify, it gives error message " [object Object]" which is not very informational. Instead the message should be something like "You don't have permission to modify this group. Only members of group can modify this group".

Below is a screenshot of the current error.
![image](https://cloud.githubuserc

The option PASSWORD_HASH=auto stores the password in clear text if no password is set before, because there is no Hash mechanism used if no password exists.
I think it would be a better way to use a standard Hash mechanism like SHA instead of using clear text. So the password is hashed, even if no password exists before.

Useful on mobile devices but also on desktop to check if the entered password is actually correct.

Add an eye icon at the end of the password field to show/hide the password.

Current translated words: pt, es, fr, en, de, fr, es, sv, no, lt, pl, tr, uk, ru

1. Fork this repo
2. Pick a language you're good and left a message here
3. Edit the src/messages.js, duplicate the structure in their folder and replace en in the key with your language's standard two-letter ISO 639-1 code.
4. Add the import and the require(...) on src/index.js (+2 lines) and upd