The spawner starts the server using jupyterhub-singleuser with some
environment variables like JUPYTERHUB_API_TOKEN and JUPYTERHUB_BASE_URL which tell the single-user server how to connect
back to the hub in order to say that it’s ready.
and running env from inside the pod I can confirm that JUPYTERHUB_API_TOKEN and JPY_API_TOKEN are unset. However the single user pod is launched and runs successfully. How come?
JUPYTERHUB_API_TOKEN is required for the singleuser server to communicate with the hub. I’ve just tested this and as expected the singleuser server fails:
[E 2025-05-29 14:08:39.191 JupyterHubSingleUser] Error notifying Hub of activity: HTTP 403: Forbidden
[E 2025-05-29 14:08:39.819 JupyterHubSingleUser] Error notifying Hub of activity: HTTP 403: Forbidden
[I 2025-05-29 14:08:40.103 ServerApp] 200 GET /user/a/api (@192.168.0.12) 2.39ms
[I 2025-05-29 14:08:40.334 ServerApp] 302 GET /user/a/ -> /user/a/lab? (@::ffff:172.30.1.2) 0.64ms
[I 2025-05-29 14:08:40.432 ServerApp] 302 GET /user/a/lab -> /hub/api/oauth2/authorize?client_id=jupyterhub-user-a&redirect_uri=%2Fuser%2Fa%2Foauth_callback&response_type=code&state=[secret] (@::ffff:172.30.1.2) 2.19ms
[W 2025-05-29 14:08:40.700 ServerApp] Failed to check authorization: [401] No permission -- see authorization schemes
[W 2025-05-29 14:08:40.700 ServerApp] {"error": "invalid_client"}
If it’s working for you there must be something else. Please can you share you entire configuration and deployment information?