Uploaded image for project: 'SAFe Program'
  1. SAFe Program
  2. SP-4157

New API to store and make available JupyterHUB user-access tokens

Change Owns to Parent OfsSet start and due date...
    XporterXMLWordPrintable

Details

    • Feature
    • Could have
    • PI22
    • None
    • SRCnet
    • Hide

      This work will allow a user to launch a notebook from the science gateway, and be automatically logged into the SKA IAM in order to process their data. We can thereby provide single-sign-on JupyterHUB integration into the science gateway.

      Show
      This work will allow a user to launch a notebook from the science gateway, and be automatically logged into the SKA IAM in order to process their data. We can thereby provide single-sign-on JupyterHUB integration into the science gateway.
    • Hide

      AC1: A new database is created, or an existing database is modified, in order to store JupyterHUB user-access tokens on a per-user, per-JupyterHUB-instance basis.

      AC2: A new API is created that accepts a user name, and a JupyterHUB domain name, and returns the JupyterHUB user-access token.

      AC3: The new API is authenticated using a token from the Auth APIs in order that the JupyterHUB user-access tokens are only provided to callers that are authorised to access them.

      Show
      AC1: A new database is created, or an existing database is modified, in order to store JupyterHUB user-access tokens on a per-user, per-JupyterHUB-instance basis. AC2: A new API is created that accepts a user name, and a JupyterHUB domain name, and returns the JupyterHUB user-access token. AC3: The new API is authenticated using a token from the Auth APIs in order that the JupyterHUB user-access tokens are only provided to callers that are authorised to access them.
    • 1
    • 1
    • 0
    • Team_TANGERINE
    • Sprint 4
    • Hide

      AC1: The new MySQL database is running under the new API at https://esap.srcdev.skao.int/tannet-api/

      AC2: New end points /get_user_tokens and /set_user_token respectively get and set user access tokens for specific services (see screenshots).

      AC3: The new API is authenticated by exchanging a token through the Auth APIs (see swagger screen at https://esap.srcdev.skao.int/tannet-api/v1/www/docs/oper - says Authentication: required next to the /get_user_tokens and /set_user_token end points).

      Show
      AC1: The new MySQL database is running under the new API at https://esap.srcdev.skao.int/tannet-api/ AC2: New end points /get_user_tokens and /set_user_token respectively get and set user access tokens for specific services (see screenshots). AC3: The new API is authenticated by exchanging a token through the Auth APIs (see swagger screen at https://esap.srcdev.skao.int/tannet-api/v1/www/docs/oper - says Authentication: required next to the /get_user_tokens and /set_user_token end points).
    • 22.6
    • Stories Completed, Integrated, Outcomes Reviewed, Demonstrated, Satisfies Acceptance Criteria, Accepted by FO

    • PI23 - UNCOVERED

    • science-gateway

    Description

      The science gateway currently allows users to search for, and launch, instances of a JupyterHUB notebook on SRCNet resources. However, upon launching the notebook the user will be asked to sign into the SKA IAM again, which is not consistent with our requirement to provide a single-sign-on platform environment.

      In each instance of JupyterHUB we can generate user-access tokens, which can be passed to the JupyterHUB url as query parameters in order to log the user in automatically.

      We therefore require a database to store these tokens, on a per-user and per-JupyterHUB-instance basis, and to make them available to the science gateway via a new API. A call to the API must be authenticated by providing a suitable token from the Auth APIs in order to confirm that the caller is authorised to access this JupyterHUB token, but the exact process is to be determined.

      Attachments

        Issue Links

          mentioned in

          Page Loading...

          Page Loading...

          Structure

            Activity

              People

                j.collinson Collinson, James
                C.Skipper Skipper, Chris
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Feature Progress

                  Story Point Burn-up: (100.00%)

                  Feature Estimate: 1.0

                  IssuesStory Points
                  To Do00.0
                  In Progress   00.0
                  Complete33.0
                  Total33.0

                  Dates

                    Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel