Hi,
I am wondering is it possible to get the current logged in user info in Jupyterlab extension by making a call to Jupyterhub API, the only problem I am facing is that the tokens are assigned to the users. In the extension, I need to check if the user is an admin or not and then show the menu items accordingly?
Thanks.
The JupyterHub /user API endpoint should include the user’s scopes. Based on the scopes you can decide what menu items to show.
https://jupyterhub.readthedocs.io/en/stable/reference/rest-api.html#/default/get_user
You are right, but the /user API endpoint expects a token for that specific user and returns the model based on the user token so the question is how do I get a user-specific token in the jupyterlab extension.
I figured out how to get the user-specific token in the extension by using PageConfig.getToken() function to get the token but this function returns an empty string instead of returning the token for the user.
There’s already an API token on the server side. For example, if you start a JupyterLab terminal:
$ curl -H "Authorization: token $JUPYTERHUB_API_TOKEN" $JUPYTERHUB_API_URL/user
{"groups": [], "last_activity": "2022-02-23T21:49:51.553599Z", "kind": "user", "name": "asd", "admin": false, "session_id":null, "scopes": ["access:servers!user=asd", "read:users:activity!user=asd", "users:activity!user=asd"]}
Note you shouldn’t rely on the admin property with JupyterHub 2.0 since permissions are now much more fine grained- use the scopes field instead.
PageConfig.getToken() will be empty as there was a bug: Forward-port fixes from 1.5.0 security release by minrk · Pull Request #3679 · jupyterhub/jupyterhub · GitHub
Yes I can access the API token in Jupyterlab terminal but how do I access the same Token in my front end extension, is there any way to do this?
Now that jupyterlab-server has page_config_hook, PageConfig.getToken() will be able start returning the user’s token soon: Add user token to JupyterLab PageConfig by minrk · Pull Request #3809 · jupyterhub/jupyterhub · GitHub .
You could probably patch-in a similar page_config_hook via jupyter_server_config to work with current JupyterHub (note: you’d need to use the get_secure_cookie bit to make sure you still get the token for cookie-authenticated requests).
Something like:
# /etc/jupyter/jupyter_server_config.py
def page_config_hook(handler, page_config):
hub_auth = handler.settings["hub_auth"]
token = hub_auth.get_token(handler)
if not token:
token = handler.get_secure_cookie(self.cookie_name)
if token:
token = token.decode("ascii", "replace")
page_config["token"] = token
return page_config
c.ServerApp.tornado_settings.update({"page_config_hook": page_config_hook})
Hi @minrk, sorry I am new to JupyterHub configuration and here is what my configuration file looks like for tljh but still I am unable to get token in my Jupyterlab extension.
This needs to be configuration for the single-user server (a different config file), not JupyterHub. You can put it in e.g. /etc/jupyter/jupyter_server_config.py
