Use JupyterHub tokens and client when available #82
Comments
|
Hi Rick, thanks for your question! Unfortunately, this isn't possible for a couple reasons. The first is practical, driven by the fact that users can select collections like GCS v5.4 mapped collections which require additional scopes at runtime, and so the Globus JupyterLab app needs to be able to do additional logins to fetch tokens for these extra scopes. The hub doesn't (as far as I know) support login with dynamic scopes and even if it did, there isn't an easy way to get new tokens from the hub into JupyterLab without restarting the user server. Therefore, JupyterLab uses its own Globus app so it can take these steps as needed. The second reason is less practical and has more to do with the OAuth2 spec. Globus JupyterLab is its own application so it can request tokens regardless if its run in a 'hub' environment or on a local user machine. It technically would be possible for the lab app to leverage 'hub' tokens for some parts of its application, but it would be a violation of the spec for one app to use another apps tokens. I agree it would be convenient to let users skip the additional login, but for those reasons above we chose not to. |
|
To follow up on the other things you mentioned:
|
|
It's been a week, so I'm going to go ahead and close this. Please reopen if you would like to continue the discussion. |
|
Thanks, Nick. I was going to say that I understand it's more complicated that just reusing the tokens. If I can think of potential design to make the JupyerHub integration more seamless I'll follow-up. |
I'm not sure if this is possible because of the distinction between Jupyter Server and the JupyterHub Globus client, but when using this extension for a JupyterHub instance using Globus auth, it would be ideal to leverage the tokens, etc., already available. It wasn't clear if this was possible using the Customized Transfer Submissions described in the docs.
The text was updated successfully, but these errors were encountered: