OAuth access tokens can only be used to identify users, not perform actions on their behalf, which API tokens do.
Implementing OAuth scopes would allow us to achieve this limitation without separating the two items, but that would be a much bigger change, including having an OAuth "Would you like to grant permissions..." confirmation page.
call poll_and_notify to ensure triggering of dead-server events in a few places:
- `/hub/home` page view
- user start and stop API endpoints
This should avoid the failure to stop a server that's died uncleanly because the server hasn't noticed yet
Handlers call `get_authenticated_user`, which in turn calls
- authenticate
- normalize_username
- check_whitelist
get_authenticated_user shouldn't need to be overridden.
Normalization can be handled via overriding normalize_username.
If Spawner.options_form is specified, a form providing input controls is shown to the user prior to launch.
Spawners access the result via the `self.user_options` dict.
The default spawners offer no form.
- GET fetches proxy table (relays same request to proxy's API endpoint)
- POST prods routing table sync (useful when proxy restarts)
- PATCH allows updating the proxy API location, auth token
e.g. docker, which can take a long time to stop,
especially if several docker actions are already queued.
Use status `202: Accepted` for API replies sent with spawn/stop still pending
optionally allow admin users to login to user servers by visiting a special admin-only URL that sets the relevant cookie
- disabled by default
- an 'access server' button is added to the admin panel, which sets the necessary cookie to log in to the user server
and .delete_user
This hook can be used to trigger events,
such as user validation, or creating of system users.
Adds a LocalAuthenticator class that implements
checking for and rudimentary creation of system users.
