Whese does Authorization token generated with jupyterhub + jupyterlab + Dockerspawner – JupyterLab

When using the combination of JupyterHub, JupyterLab, and DockerSpawner, I’ve noticed that the token found in the browser request header Authorization: token xxx is different from the token displayed in the terminal, such as http://localhost:8888/?token=yyy. The browser token appears in a format like tnKM6RjHAuYuHrTwuwOu2BDqAAEjSv, while the terminal token has a format like 8b5926063ed71c4f4200cba6c7fb2f70168d646c72446531.

This discrepancy is important because I need the token to access the /api/sessions API. The terminal token, which I obtain from jupyter_server.serverapp.list_running_servers(), does not grant access to the API (resulting in a 403 error). However, the browser token (e.g., tnKM6RjHAuYuHrTwuwOu2BDqAAEjSv) does allow access.

Interestingly, when I launch JupyterLab directly from the terminal (without JupyterHub) using jupyter lab, the tokens displayed in the terminal and used in the browser are identical, and provide access to the aforementioned API.

How can I obtain the browser token needed to access the API? Additionally, where is this token generated in the source code?

The package versions on my system are:

  • JupyterLab 3.4.7
  • JupyterHub 3.1.1

Thank you.

Read more here: Source link