I narrowed it down to different parameters in call to …
JUPYTERHUB_API_TOKEN is generated inside User.spawn:
db = self.db
if handler:
await self.refresh_auth(handler)
base_url = url_path_join(self.base_url, server_name) + '/'
orm_server = orm.Server(base_url=base_url)
db.add(orm_server)
note = "Server at %s" % base_url
api_token = self.new_api_token(note=note, roles=['server'])
db.commit()
spawner = self.spawners[server_name]
spawner.server = server = Server(orm_server=orm_server)
assert spawner.orm_spawner.server is orm_server
# pass requesting handler to the spawner
# e.g. for processing GET params
spawner.handler = handler
with this call:
api_token = self.new_api_token(note=note, roles=['server'])
Requesting the token through command line calls:
def init_roles_and_users():
loop = asyncio.new_event_loop()
loop.run_until_complete(hub.init_role_creation())
loop.run_until_complete(hub.init_users())
ThreadPoolExecutor(1).submit(init_roles_and_users).result()
user = orm.User.find(hub.db, self.name)
if user is None:
print("No such user: %s" % self.name, file=sys.stderr)
self.exit(1)
token = user.new_api_token(note="command-line generated")
print(token)
class UpgradeDB(Application):
"""Upgrade the JupyterHub database schema."""
name = 'jupyterhub-upgrade-db'
version = jupyterhub.__version__
description = """Upgrade the JupyterHub database to the current schema.
token = user.new_api_token(note="command-line generated")
As I can see, User.spawn calls has additional parameter roles=['server'], whereas another call does not. Indeed, removing roles=['server'] parameter and reinstalling JupyterHub yield two identical scopes.
I am still wondering, why this difference exists and how would I get this behavior without forking JupyterHub…