AccessToken does not have the expected scope users!user - Access to Custom API not possible

LeafLikeApple · April 14, 2025, 2:14pm

Hello everyone,

in an external tool the users should be able to enter their own information, for this I have written my own handler, which inherits from APIHandler.
I have given the routes @needs_scope(“users”).

As far as I understand the documentation, a user should have the scope users!user=NAME. But, when I create an AccessToken for the user, this token does not have the scope.
I get this message when I try to access the new route:
Action is not authorised with current scopes; requires any of [users].
But when I pass users!user=NAME as scope in the token creation process, I get this message:
Not assigning requested scopes users!user=NAME,list:users!user=NAME not held by User NAME
Am I missing something with the scopes function?

Many thanks for your help

minrk · April 23, 2025, 7:50am

Can you describe more about what you are trying to do? @needs_scope and APIHandler are for internal implementation of JupyterHub, not for use in external Services implementations.

Users do not have the scope users!user=NAME by default. What sort of actions are you trying to accomplish that users is the right scope to require? Maybe a more specific scope that users actually do have will suffice. If you really want to grant users greater permissions than the default, you can set permissions for all users by adding scopes to the user role.

Topic		Replies	Views
Giving scopes to users using jupyterlab token JupyterHub	1	411	November 15, 2023
Understanding token scope difference JupyterHub	2	1313	August 24, 2021
Generate API token with fixed scope before launching server? JupyterHub	2	280	March 14, 2024
Accessing JupyterHub service programmatically JupyterHub	3	644	August 9, 2023
Role and scope doesn't seem to be taking effect JupyterHub	3	657	August 18, 2022

AccessToken does not have the expected scope users!user - Access to Custom API not possible

Related topics