Thank you a lot for all these informations !
The application that I am trying to connect is Xnat (which as a jupyterhub plugin to handle this stuff https://wiki.xnat.org/jupyter-integration).
I did not developped this plugin but I had to look into as it is designed for docker (with the dockerspawner) and had to customize it (which seems to work atm).
Here is the code of the custom jpuyterhub authenticator for xnat:
# Create service account for XNAT
c.JupyterHub.services = [
{
"name": "xnat",
"api_token": "secret-token"
},
]
c.JupyterHub.load_roles = [
{
"name": "admin-hub-role",
"scopes": [
"admin:servers", "admin:users", "read:hub", "tokens"
],
"services": [
"xnat"
],
}
]
# Authentication config
class XnatAuthenticator(Authenticator):
"""
Used to authenticate a user with XNAT
Requires the environmental variable JH_XNAT_URL to contain the URL of the XNAT to authenticate the user with.
"""
async def authenticate(self, handler, data):
xnat_url = f'{os.environ["JH_XNAT_URL"]}'
xnat_auth_api = f'{xnat_url}/data/services/auth'
# return {'name': data['username']}
logger.debug(f'User {data["username"]} is attempting to login.')
response = requests.put(
xnat_auth_api, data=f'username={data["username"]}&password={data["password"]}')
if response.status_code == 200:
logger.info(f'User {data["username"]} authenticated with XNAT.')
return {'name': data['username']}
else:
logger.info(
f'Failed to authenticate user {data["username"]} with XNAT.')
return None
c.JupyterHub.authenticator_class = XnatAuthenticator
So here is what I understand of the authentication process (you can take a look here at the plugin):
Xnat and jupyterhub share a secret to authenticate each other, user from xnat inside jupyterhub when they ask to create a notebook.
When the notebook is up (imo, there is no issue before), there is a button on Xnat which permit to open the link to the notebook.
XNAT.plugin.jupyterhub.servers.goTo = function(server_url) {
XNAT.plugin.jupyterhub.users.tokens.create().then(token => {
console.log(token)
window.open(`${server_url}?token=${token['token']}`, '_blank');
}).catch(() => {
window.open(server_url, '_blank');
})
}
So it call the backend for the creation of the token, and then create a new window with the url to the lab + the token at the end.
private String tokenUrl(final String username, final String tokenId) {
return jupyterHubApiUrl + "/users/" + username + "/tokens";
}
So I think the issue come from the windows that is opened which does not have any cookie sets.
If you have any idea how to pass a properly set up cookie to a new page.
For the version I am using the latest chart of jupyterhub:
jupyterhub/jupyterhub 3.0.2 4.0.2
With the latest image:
name: jupyterhub/k8s-hub tag: “3.0.2”
name: jupyterhub/configurable-http-proxy tag: “4.5.6”
name: traefik tag: “v2.10.4”
name: jupyterhub/k8s-secret-sync tag: “3.0.2”
name: jupyterhub/k8s-network-tools tag: “3.0.2”
name: jupyterhub/k8s-singleuser-sample tag: “3.0.2”
name: registry.k8s.io/kube-scheduler tag: “v1.26.7”
name: registry.k8s.io/pause tag: “3.9”
name: jupyterhub/k8s-image-awaiter tag: “3.0.2”