Using JWTs for authenticating the JupyterHub API

At our JupyterHub deployment (https://notebooks.egi.eu) we want users to be able to interact with the JupyterHub API using JWT OAuth2 tokens from our IAM system. The way we are managing this is by:

I would like to get some feedback from the community about this approach, are we doing the right thing? Maybe we have missed some functionality in the hub that could simplify our current implementation, and related to that - is this something interesting to support upstream to some extent?

Thanks!

Enol

I think this approach looks quite sensible. The only thing I see is using direct access to the JupyterHub database here, which we try to discourage because it will likely be removed as we decouple some pieces of JupyterHub’s architecture, Authenticators will not have access to the db session.

Using the public api token creation endpoints ought to be a more stable mechanism, if that can work for you.