We are trying to integrate Jupyterhub (and Jupyterlab) into a bespoke application that is already running in our company.
Users single sign on (using Ping Federate) into the bespoke application.
The business requirement is to not require users to sign-in again to Jupyterhub again
The technical requirement is for an existing micro-service to use Jupyterhub’s REST API to launch a user’s Jupyter Lab server instance. The micro-service will do the following using Jupyterhub’s REST API.
-
Check if the user exists in the Jupyterhub database and if not then create the user in the Jupyterhub database. (GET /hub/api//users/, POST /hub/api/users/)
-
Spawn a named Jupyterlab server for the user (POST /hub/api/users//servers/ with a data payload containing the user’s Ping Federate SSO OAuthToken, expiration timestamp and a Refresh Token). The attributes in the POST operation’s data payload will be set as environment variables in the user’s named Jupyterlab server.
-
Launch a Browser and display the UI of the user’s named Jupyterlab server
Jupyterhub appears to be very dependent on browser redirects and browser cookies and we are not sure how to implement this use case using a headless service to trigger the spawning of a user’s Jupyterlab server.
Can you please help us identify the customizations we need to make to Jupyterhub for this use case.