diff --git a/docs/source/conf.py b/docs/source/conf.py index c3f10040..2c6dc76e 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -21,6 +21,7 @@ extensions = [ 'myst_parser', ] +myst_heading_anchors = 2 myst_enable_extensions = [ 'colon_fence', 'deflist', diff --git a/docs/source/reference/authenticators.md b/docs/source/reference/authenticators.md index 61f8ecbe..0d3ac3cd 100644 --- a/docs/source/reference/authenticators.md +++ b/docs/source/reference/authenticators.md @@ -1,6 +1,6 @@ # Authenticators -The [Authenticator][] is the mechanism for authorizing users to use the +The {class}`.Authenticator` is the mechanism for authorizing users to use the Hub and single user notebook servers. ## The default PAM Authenticator @@ -137,8 +137,8 @@ via other mechanisms. One such example is using [GitHub OAuth][]. Because the username is passed from the Authenticator to the Spawner, a custom Authenticator and Spawner are often used together. -For example, the Authenticator methods, [pre_spawn_start(user, spawner)][] -and [post_spawn_stop(user, spawner)][], are hooks that can be used to do +For example, the Authenticator methods, {meth}`.Authenticator.pre_spawn_start` +and {meth}`.Authenticator.post_spawn_stop`, are hooks that can be used to do auth-related startup (e.g. opening PAM sessions) and cleanup (e.g. closing PAM sessions). @@ -223,7 +223,7 @@ If there are multiple keys present, the **first** key is always used to persist Typically, if `auth_state` is persisted it is desirable to affect the Spawner environment in some way. This may mean defining environment variables, placing certificate in the user's home directory, etc. -The `Authenticator.pre_spawn_start` method can be used to pass information from authenticator state +The {meth}`Authenticator.pre_spawn_start` method can be used to pass information from authenticator state to Spawner environment: ```python @@ -247,6 +247,8 @@ class MyAuthenticator(Authenticator): spawner.environment['UPSTREAM_TOKEN'] = auth_state['upstream_token'] ``` +(authenticator-groups)= + ## Authenticator-managed group membership :::{versionadded} 2.2 @@ -279,8 +281,8 @@ all group-management via the API is disabled. ## pre_spawn_start and post_spawn_stop hooks -Authenticators uses two hooks, [pre_spawn_start(user, spawner)][] and -[post_spawn_stop(user, spawner)][] to add pass additional state information +Authenticators uses two hooks, {meth}`.Authenticator.pre_spawn_start` and +{meth}`.Authenticator.post_spawn_stop(user, spawner)` to add pass additional state information between the authenticator and a spawner. These hooks are typically used auth-related startup, i.e. opening a PAM session, and auth-related cleanup, i.e. closing a PAM session. @@ -289,10 +291,7 @@ PAM session. Beginning with version 0.8, JupyterHub is an OAuth provider. -[authenticator]: https://github.com/jupyterhub/jupyterhub/blob/HEAD/jupyterhub/auth.py [pam]: https://en.wikipedia.org/wiki/Pluggable_authentication_module [oauth]: https://en.wikipedia.org/wiki/OAuth [github oauth]: https://developer.github.com/v3/oauth/ [oauthenticator]: https://github.com/jupyterhub/oauthenticator -[pre_spawn_start(user, spawner)]: https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.pre_spawn_start -[post_spawn_stop(user, spawner)]: https://jupyterhub.readthedocs.io/en/latest/api/auth.html#jupyterhub.auth.Authenticator.post_spawn_stop diff --git a/docs/source/reference/services.md b/docs/source/reference/services.md index 611ed603..ca82249f 100644 --- a/docs/source/reference/services.md +++ b/docs/source/reference/services.md @@ -209,23 +209,23 @@ can be used by services. You may go beyond this reference implementation and create custom hub-authenticating clients and services. We describe the process below. -The reference, or base, implementation is the [`HubAuth`][hubauth] class, +The reference, or base, implementation is the {class}`.HubAuth` class, which implements the API requests to the Hub that resolve a token to a User model. There are two levels of authentication with the Hub: -- [`HubAuth`][hubauth] - the most basic authentication, +- {class}`.HubAuth` - the most basic authentication, for services that should only accept API requests authorized with a token. -- [`HubOAuth`][huboauth] - For services that should use oauth to authenticate with the Hub. +- {class}`.HubOAuth` - For services that should use oauth to authenticate with the Hub. This should be used for any service that serves pages that should be visited with a browser. To use HubAuth, you must set the `.api_token`, either programmatically when constructing the class, or via the `JUPYTERHUB_API_TOKEN` environment variable. Most of the logic for authentication implementation is found in the -[`HubAuth.user_for_token`][hubauth.user_for_token] -methods, which makes a request of the Hub, and returns: +{meth}`.HubAuth.user_for_token` methods, +which makes a request of the Hub, and returns: - None, if no user could be identified, or - a dict of the following form: @@ -371,11 +371,6 @@ section on securing the notebook viewer. [requests]: http://docs.python-requests.org/en/master/ [services_auth]: ../api/services.auth.html -[hubauth]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth -[huboauth]: ../api/services.auth.html#jupyterhub.services.auth.HubOAuth -[hubauth.user_for_token]: ../api/services.auth.html#jupyterhub.services.auth.HubAuth.user_for_token -[hubauthenticated]: ../api/services.auth.html#jupyterhub.services.auth.HubAuthenticated -[huboauthenticated]: ../api/services.auth.html#jupyterhub.services.auth.HubOAuthenticated [nbviewer example]: https://github.com/jupyter/nbviewer#securing-the-notebook-viewer [fastapi example]: https://github.com/jupyterhub/jupyterhub/tree/HEAD/examples/service-fastapi [fastapi]: https://fastapi.tiangolo.com diff --git a/docs/source/troubleshooting.md b/docs/source/troubleshooting.md index 898b46c8..efca64d0 100644 --- a/docs/source/troubleshooting.md +++ b/docs/source/troubleshooting.md @@ -275,7 +275,7 @@ where `ssl_cert` is example-chained.crt and ssl_key to your private key. Then restart JupyterHub. -See also [JupyterHub SSL encryption](./getting-started/security-basics.html#ssl-encryption). +See also {ref}`ssl-encryption`. ### Install JupyterHub without a network connection