I set up jupyterhub v0.11.1 from the helm chart and I was wondering what permissions does the API token allow an “admin” user to perform? Is it simply the rest calls documented on JupyterHub?
I have c.JupyterHub.admin_access = True already set.
In the UI, an admin user is able to view the files in a non-admin user’s notebook. It looks like it passes a cookie over to the notebook server in the rest call as a header. I was wondering if it’s possible for an admin user to view the files in a non-admin user’s notebook through using the admin API token alone? I was hoping to automate file scripting of non-admin notebooks without having to deal with cookies
Yes, API tokens of admins have the same permissions as the owner, which includes API access to individual servers. JupyterHub 2.0 will give you more fine-grained control over this.
Where the blacked out parts are the non-admin user whose file I am trying to view. Does this mean I need to have an oauth2 token (and therefore an oauth2 provider as well) in order to view user’s files through the rest API? If so, is it possible to get an oauth2 bearer token through the client_credential grant type flow? Because it seems like authorization_code flow is the only one supported right now (which is not automatable since it requires user interaction)