services icon indicating copy to clipboard operation
services copied to clipboard

Published 20 hours ago verified publisher icon jupyter-attic

Starting notebook session with a password protected server

Open geyang opened this issue 9 years ago • 6 comments

Hi,

Sorry if this is already implemented. I looked for the options to connect to password protected notebooks with the service. Is this possible?

Thanks! Ge

geyang avatar Mar 13 '16 05:03 geyang

Hi @episodeyang, I am not familiar with how password protecting is handled normally in notebooks, perhaps @minrk can answer that part. My guess is that you would set the password field in the ajaxSettings in the NotebookSession.

https://github.com/jupyter/jupyter-js-utils/blob/master/src/index.ts#L169

blink1073 avatar Mar 13 '16 17:03 blink1073

With the current notebook server, you must login with a password, which sets a cookie, and the cookie must be used with all subsequent requests. We've discussed adding token authentication via headers, but it hasn't happened yet.

minrk avatar Mar 13 '16 19:03 minrk

@minrk Thanks!

@blink1073 yeah so the problem right now is that the auth is cookie based, so unless the user manually pass the cookie along, a javascript client can not connect to a password protected server because as soon as you connect, the server redirects which prevents a js client to get the cookie information.

Ge

geyang avatar Mar 20 '16 21:03 geyang

Does using withCredentials not work? https://github.com/jupyter/jupyter-js-utils/blob/master/src/index.ts#L159

I believe @parente is already using it.

blink1073 avatar Mar 21 '16 13:03 blink1073

withCredentials should work but we're not using it at the moment. Instead of running notebook servers which have human-centric auth, we're running kernel gateway servers which support programmatic, token-based Authorization: token <token value> headers. (http://jupyter-kernel-gateway.readthedocs.org/en/latest/config-options.html, auth_token option)

@episodeyang are you bound to notebooks and the notebook server specifically? If not, you might want to look at kernel gateway.

parente avatar Mar 21 '16 13:03 parente

IBM's Spark as a Service on Bluemix provides a kernel gateway protected with basic auth. But the sample code [1] has to jump through loops to get it working. ajaxSettings provide user ID and password for the API calls, but not for the websocket connection. So the user ID and password has to be mangled into the web socket URL, too. I just tried setting withCredentials in my node.js client program, but still need to provide both. Should that flag enable passing of uid/pwd from ajaxSettings to the web socket options? From the description, it doesn't sound like it, at least if the web socket connects to the same host as the API calls.

[1] step 2 at https://console.ng.bluemix.net/docs/services/AnalyticsforApacheSpark/index-gentopic4.html#running_spark_interactive_api_app

rolweber avatar Nov 28 '16 13:11 rolweber