separate OAuth access tokens from API tokens

OAuth access tokens can only be used to identify users, not perform actions on their behalf, which API tokens do.

Implementing OAuth scopes would allow us to achieve this limitation without separating the two items, but that would be a much bigger change, including having an OAuth "Would you like to grant permissions..." confirmation page.
Min RK
2017-04-19 15:34:41 +02:00
parent 4df93cab04
commit 66cb630b86
4 changed files with 109 additions and 55 deletions


@@ -20,6 +20,11 @@ class SelfAPIHandler(APIHandler):
@web.authenticated
def get(self):
user = self.get_current_user()
if user is None:
# whoami can be accessed via oauth token
user = self.get_current_user_oauth_token()
if user is None:
raise web.HTTPError(403)
self.write(json.dumps(self.user_model(user)))
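Review bot: the fallback to `get_current_user_oauth_token()` makes this handler the one place an OAuth access token is accepted, so the restriction stated in the commit message (OAuth tokens identify the user but cannot act for them) is enforced only by other handlers never calling this method; a brief docstring stating that this fallback is intentional and limited to whoami, plus a test asserting that an OAuth token is rejected by a non-whoami API endpoint, would guard against a later handler copying this pattern. Also, when both lookups return None the hunk raises `web.HTTPError(403)`; a missing or invalid credential is conventionally reported as 401, with 403 reserved for an authenticated caller that lacks permission.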