Hi Jovyans,
- Jupyterhub version: 1.4.2
- Authenticator: GenericOAuthenticator
- Issue: Need to call REST API(/users//server) to start user server, this requires an user’s API token. I’ve been blocked with ‘how to create an API token for an user through a REST API’
I’m able to manually create an user’s API token on the browser, and then use that token to start an user’s server:
curl -X POST https://******/hub/api/users/<username>/server \
-H 'Authorization: token <manually created API token from the browser>' \
-H 'accept: application/json' \
--data-raw '{"profile":"<project_name>"}'
And now I need to call a REST API to generate an API token, then I found this one:
curl -X POST https://********/hub/api/oauth2/token -H 'Authorization: Bearer <OAuth token after login>' -H "Content-Type: application/x-www-form-urlencoded"
It seems like it won’t take an existing OAuth token, what is the right way to create an API token with OAuth token?
Found this old post here answered by @manics , and it says If you’re writing a custom UI you’ll need to implement authentication with Keycloak there, and give your front-end a privileged token that allows it to create tokens for users.
I guess there is not a solution to make REST API call with OAuth token… so we have to pre-generate a super-user token when deploying jupyterhub and use that super-user token to generate user’s API token…
Ended up, made an admin service doc for front-end to start user’s server, not the best practice for security… Let me know if there is a better way