
How to authenticate JupyterHub user with json web token (JWT)?

Tags:

jupyterhub

I am trying to figure out the best way of authenticating a JupyterHub user with JWT. In my particular use case, the client will be first authenticated on a primary website and redirected at a later stage to the JupyterHub proxy (both sites are hosted behind the same domain). The idea would be to completely bypass the JupyterHub login screen and enable the user to access his Notebooks (provided that a valid JWT token is available in the HTTP request's Authorization header). The JWT token would be generated once the user has logged in to the primary site.

Any pointers/advice on how to implement this would be greatly appreciated! My guess is that I need to write a custom authenticator in order to validate the JWT. However, I am unsure on how to configure the entire process. Thanks!

BigONotation asked Feb 07 '17 08:02


1 Answer

I had a similar requirement to use Jupyterhub from my application. My requirement was to bypass the Jupyterhub login and use my application login to get into the Jupyterhub. I checked various authentication mechanisms and I didn't find anything that is directly usable. Finally I made a modification to one of the custom authentication plugins. The details are given below.

I modified the jhub_remote_user_authenticator plugin. The main function responsible for the authentication is given below. (remote_user_auth.py)

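# Imports the handler relies on
from jupyterhub.handlers import BaseHandler
from jupyterhub.utils import url_path_join
from tornado import web


class RemoteUserLoginHandler(BaseHandler):

    def get(self):
        # Name of the request header to read, taken from the authenticator's configuration
        header_name = self.authenticator.header_name
        remote_user = self.request.headers.get(header_name, "")
        if remote_user == "":
            # No user header present: reject the request
            raise web.HTTPError(401)
        else:
            # Log in as the user named in the header and redirect to the hub home page
            user = self.user_from_username(remote_user)
            self.set_login_cookie(user)
            self.redirect(url_path_join(self.hub.server.base_url, 'home'))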

This plugin checks the REMOTE_USER argument in the header of the request and logs in as that particular user. This is very useful if we use Apache httpd server with SSO.

I modified this plugin to perform a simple login. This is a very basic one. I am explaining this just as an example. You can modify this as per your requirement. The modified code is given below.

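class RemoteUserLoginHandler(BaseHandler):

    def get(self):
        # Read the username from the ?user= query argument (default None, whitespace stripped)
        remote_user = self.get_argument('user', None, True)
        # get_argument returns None when the argument is absent, so test for both None and ""
        if not remote_user:
            raise web.HTTPError(401)
        else:
            # The name is taken as given; no credential is checked before the login cookie is set
            user = self.user_from_username(remote_user)
            self.set_login_cookie(user)
            self.redirect(url_path_join(self.hub.server.base_url, 'home'))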

Now with this modified plugin, if you access the jupyter hub with the argument user=, the notebook for the corresponding user will open. This will bypass the login screen also.

http://jupyterhuburl:port/hub/login?user=amal --> This will open the notebook for user amal

http://jupyterhuburl:port/hub/login?user=demouser --> This will open the notebook for user demouser

You can modify this function based on your requirement. This is just an example. We can modify this to enable more secure login.

Amal G Jose answered Sep 25 '22 08:09
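The question asks for the username to come from a validated JWT in the Authorization header, where the answer's handler accepts any name passed as `?user=`. The following is an added example of that validation step, not code from either poster or from jhub_remote_user_authenticator. It assumes an HS256 token signed with a secret shared between the primary site and the hub, a `sub` claim holding the hub username and a mandatory `exp` claim; `SECRET`, `make_token` and `username_from_authorization` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: secret shared by the primary site (issuer) and the hub. Constructed value.
SECRET = b"constructed-demo-secret"

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SECRET, alg="HS256"):
    """Stand-in for the primary site's issuer, used to build constructed sample tokens."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return f"{signing_input}.{_b64url_encode(_sign(signing_input, secret))}"

def username_from_authorization(header_value, secret=SECRET, now=None):
    """Return the 'sub' claim of a valid, unexpired HS256 bearer token, else None."""
    scheme, _, token = (header_value or "").partition(" ")
    if scheme.lower() != "bearer":
        return None
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm instead of trusting the token's own header.
        if json.loads(_b64url_decode(head)).get("alg") != "HS256":
            return None
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(_sign(f"{head}.{body}", secret), _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
        exp, sub = claims.get("exp"), claims.get("sub")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or JSON
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= now:
        return None  # missing or expired 'exp'
    return sub if isinstance(sub, str) and sub else None
```

In the handler's `get`, the value returned for `self.request.headers.get("Authorization")` would take the place of the `user` query argument, with `web.HTTPError(401)` raised when the function returns `None`.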