Add read:metrics scope for metrics endpoint

and ensure token auth is accepted
2025-10-19 07:53:00 +00:00 · 2022-01-18 14:43:19 +01:00
parent f86d53a234
commit 704712cc81
6 changed files with 55 additions and 17 deletions
--- a/jupyterhub/utils.py
+++ b/jupyterhub/utils.py
@@ -320,9 +320,11 @@ def admin_only(f):
@auth_decorator
 def metrics_authentication(self):
    """Decorator for restricting access to metrics"""
-    user = self.current_user
-    if user is None and self.authenticate_prometheus:
-        raise web.HTTPError(403)
+    if not self.authenticate_prometheus:
+        return
+    scope = 'read:metrics'
+    if scope not in self.parsed_scopes:
+        raise web.HTTPError(403, f"Access to metrics requires scope '{scope}'")


 # Token utilities