hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-10 19:43:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Edits per @minrk review

Browse Source
This commit is contained in:
Carol Willing
2017-07-25 08:01:14 -07:00
parent 96c04f3c60
commit d2e411dba0
1 changed files with 12 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
docs/source/technical-overview.md
View File

@@ -25,7 +25,7 @@ by the `jupyterhub` command line program:
[configurable http proxy](https://github.com/jupyterhub/configurable-http-proxy) [configurable http proxy](https://github.com/jupyterhub/configurable-http-proxy)
(node-http-proxy) is the default proxy. (node-http-proxy) is the default proxy.
- **Single-User Notebook Server** (Python/IPython/Tornado): a dedicated, - **Single-User Notebook Server** (Python/Tornado): a dedicated,
single-user, Jupyter Notebook server is started for each user on the system single-user, Jupyter Notebook server is started for each user on the system
when the user logs in. The object that starts the single-user notebook when the user logs in. The object that starts the single-user notebook
servers is called a **Spawner**. servers is called a **Spawner**.
@@ -39,7 +39,7 @@ the domain name of the server.
The basic principles of operation are: The basic principles of operation are:
- The Hub spawns proxy - The Hub spawns the proxy (in the default JupyterHub configuration)
- The proxy forwards all requests to the Hub by default - The proxy forwards all requests to the Hub by default
- The Hub handles login, and spawns single-user notebook servers on demand - The Hub handles login, and spawns single-user notebook servers on demand
- The Hub configures the proxy to forward url prefixes to single-user notebook - The Hub configures the proxy to forward url prefixes to single-user notebook
@@ -68,25 +68,24 @@ When a user accesses JupyterHub, the following events take place:
- Login data is handed to the [Authenticator](./authenticators.html) instance for - Login data is handed to the [Authenticator](./authenticators.html) instance for
validation validation
- The Authenticator returns the username and if the login information is valid - The Authenticator returns the username if the login information is valid
- A single-user notebook server instance is [spawned](./spawners.html) for the - A single-user notebook server instance is [spawned](./spawners.html) for the
logged-in user logged-in user
- When the single-user notebook server starts, the proxy is notified to forward - When the single-user notebook server starts, the proxy is notified to forward
requests to `/user/[username]/*` to the single-user notebook server. requests to `/user/[username]/*` to the single-user notebook server.
- Two cookies are set, one for `/hub/` and another for `/user/[username]`, - A cookie is set on `/hub/`, containing an encrypted token. (Prior to version
containing an encrypted token. 0.8, a cookie for `/user/[username]` was used too.)
- The browser is redirected to `/user/[username]`, and the request is handled by - The browser is redirected to `/user/[username]`, and the request is handled by
the single-user notebook server. the single-user notebook server.
Logging into a single-user notebook server is authenticated via the Hub: The single-user server identifies the user with the Hub via OAuth:
- On request, the single-user server forwards the encrypted cookie to the Hub - on request, the single-user server checks a cookie
for verification. - if no cookie is set, redirect to the Hub for verification via OAuth
- The Hub replies with the username if the encrypted cookie is valid. - after verification at the Hub, the browser is redirected back to the
- If the user is the owner of the single-user notebook server, access is single-user server
allowed. - the token is verified and stored in a cookie
- If it is the wrong user or an invalid cookie, the browser is redirected to - if no user is identified, the browser is redirected back to `/hub/login`
`/hub/login`.
## Default Behavior ## Default Behavior