URL Token parameter now disabled? (original) (raw)

January 7, 2025, 1:01pm 3

Oh interesting.

JupyterHub Helm Chart: v4.0.1-0.dev.git.6874.h2390243c
JupyterHub: v5.2.1

Added the JUPYTERHUB_SINGLEUSER_EXTENSION=0 env var to our custom KubeSpawner environments, but behavior didn’t change.

Hitting this URL with the token param in incognito browser used to authenticate correctly, but now it redirects to our Auth0 login page:
https://jh-server.com/user/andrew@example.com/test-server/lab?token=abc

Also seems like server side Node WebSocket has authentication issues whereas client side WebSocket seems to work fine. I’m assuming cookies/xsrf may be involved.

# Example error log on single user server when attempting to connect via WebSocket.
Couldn't authenticate WebSocket connection                                                                                                                                                 
notebook [I 2025-01-07 12:58:21.289 ServerApp] Setting new xsrf cookie for b':bDamMN8DPtF33En-AnhilPG=' {'path': '/user/andrew@example.com/test-server/', 'max_age': 3600}