Token to Token ID REST API with Jupyterhub

Hello!

I’ve been working on setting up an external authentication flow for the new REST APIs with Jupyterhub. I was wondering if there is a way to convert a token that is passed in into not only a user’s info, but also get back which token ID or the token information on that token. I have a requirement to monitor the token’s metadata and just trying to see how to do that. Is that doable? And if so, how?

Thanks in advance!

There’s a /users/{name}/tokens endpoint to list tokens belonging to a user

Thanks for your reply. When I make a call to /users/{name}/tokens, I don’t see the “token” key specified in the REST API. What permission is required to see that key?

The tokens scope should be sufficient: see “Scopes in JupyterHub” in the JupyterHub documentation.

I don’t see the “token” key specified in the REST API

What do you mean by “token key”?

What I mean is the JSON returned from hitting the /users/{name}/tokens endpoint. What I called the “token key” is the part "token": "string". I’m not seeing this when calling this endpoint. Was there a version it was released in, or does it require some specific permissions to view?

[
  {
    "token": "string",
    "id": "string",
    "user": "string",
    "service": "string",
    "roles": [
      "string"
    ],
    "scopes": [
      "string"
    ],
    "note": "string",
    "created": "2024-04-13T19:51:44.572Z",
    "expires_at": "2024-04-13T19:51:44.572Z",
    "last_activity": "2024-04-13T19:51:44.572Z",
    "session_id": "string"
  }
]

I understand what you’re asking now: the docs are slightly misleading. token is only included in the response for new token requests (POST); it’s omitted when retrieving an existing token, for security. If you need to delete a token you can reference it using id.

Thank you for clearing that up!

So then, is there a way where a user could pass in a fully fledged token and then I could somehow get the metadata on that token from the token itself? The reason I ask is I had to expand/update the Jupyterhub authentication within the dask gateway application and in order to do that, I had to determine from an incoming token what the token’s metadata is. I couldn’t find it, hence this q/a. Is there a way to peer these together, or once a token is created, you can’t pull its metadata from just looking at the token itself?

So then, is there a way where a user could pass in a fully fledged token and then I could somehow get the metadata on that token from the token itself?

There is not, but there should be. We could add this to the GET /api/user model, like we do for scopes. Added in “add token_id to `/api/user`” by minrk (Pull Request #4790, jupyterhub/jupyterhub, GitHub).
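
The lookup discussed in this thread, as an added example (not code from the thread or from the JupyterHub project): resolve a presented token to its `token_id` through GET /api/user, then fetch that one record from /users/{name}/tokens/{token_id}. It assumes a Hub that includes the `token_id` change from the pull request above; the function names, the `lookup_token` parameter and the API URL in the comments are hypothetical.

```python
import json
import urllib.parse
import urllib.request


def http_get(url, token):
    """GET a Hub REST API URL with the given token and return parsed JSON."""
    req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def token_metadata(api_url, incoming_token, lookup_token=None, fetch=http_get):
    """Map a presented user token to its token record (id, scopes, expiry...).

    api_url       Hub API base, e.g. "http://127.0.0.1:8081/hub/api" (assumed)
    lookup_token  optional service token for the second call, for when the
                  presented token is not allowed to read token records
    fetch         injectable for testing; defaults to a real HTTP GET
    """
    api_url = api_url.rstrip("/")
    # Step 1: the Hub identifies the owner of the presented token.
    me = fetch(f"{api_url}/user", incoming_token)
    token_id = me.get("token_id")
    if not token_id:
        # Without token_id the token cannot be matched to a record, because
        # GET responses for existing tokens omit the token value.
        raise LookupError("Hub response has no token_id field")
    # Step 2: fetch exactly that token record by id.
    name = urllib.parse.quote(me["name"], safe="")
    record = fetch(f"{api_url}/users/{name}/tokens/{token_id}",
                   lookup_token or incoming_token)
    if record.get("id") != token_id:
        raise LookupError("token record id does not match token_id")
    # Keep the secret out of monitoring data; the id is the stable handle.
    record.pop("token", None)
    return record
```

Store and log the returned `id` rather than the token string, so monitoring records never contain a usable credential.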