Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the share button actually share something #437

Open
Hyrla opened this issue Feb 5, 2025 · 0 comments
Open

Make the share button actually share something #437

Hyrla opened this issue Feb 5, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@Hyrla
Copy link

Hyrla commented Feb 5, 2025
edited
Loading

Disclaimer: I've been using Jupyter for only 3 weeks. Some of my comments and suggestions may be irrelevant.

Problem

If I understand it properly, as of today you can't collaborate with someone without:
a) Having an impersonation token from him/her
b) Having the Hub admin explicitly giving you the right to access all servers or at least this specific user's server

The share button that jupyter-collaboration provides only works in one of these two ways. The problem is (at least for me) that it is not practical as a Hub admin to manage "collaboration accounts" (as suggested in Jupyter Hub documentation) nor to give all my users the ability to access everybody's server.

Proposed Solution

Jupyter Hub 5.0 provides a "shared server" feature to let a user dynamically share his/her server with anyone else without involving admin trickery. As of today, it is only achievable through the API. I think we should change the share button behavior (which was relevant before Jupyter Hub 5.0) to a new UI that would let a non-admin user invite other users to his/her own server and revoke access later if needed using the shared server feature documented here. I tested the API myself and I can confirm that I managed to give another non-admin user the ability to access my server without any other permission needed, using my token to access the Hub API.

Here is the very basic Python code I used to test this feature:

import requests
api_url = "https://jupyter.esiea.fr/hub/api"
token = "Owner token"
owner_username = "[email protected]" 
shared_user = "[email protected]"

headers = {"Authorization": f"token {token}", "Content-Type": "application/json"}
data = {"user": shared_user}
response = requests.post(f"{api_url}/shares/{owner_username}/", headers=headers, json=data)

print(response.status_code, response.json())

Here is the API reply:
200 {'server': {'user': {'name': '[email protected]'}, 'name': '', 'url': '/user/[email protected]/', 'full_url': None, 'ready': False}, 'scopes': ['access:[email protected]/'], 'user': {'name': '[email protected]'}, 'group': None, 'kind': 'user', 'created_at': '2025-02-04T15:34:51.611747Z'}

After this API request, "[email protected]" was able to access "[email protected]" without any impersonation token, just by typing the server URL.

Additional context

I think I should be able to develop this feature and create a merge request myself, but as a newbie in the Jupyter ecosystem, I would like to have some feedback. Thank you!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Hyrla