JupyterHub service that mints short-lived Positron Server license tokens
Project description
jupyter-positron-verifier
A JupyterHub managed service that mints short-lived, cryptographically signed Positron Server license tokens for per-session use.
What it does
When Positron Server runs inside a JupyterHub environment, it needs a per-session license token to operate. This service sits between JupyterHub and Positron Server and handles that handoff:
- Authenticates the caller — verifies the caller's JupyterHub API token against the Hub's
/authorizations/tokenendpoint using the service's own token. - Checks entitlement — calls a local
license-managerbinary to verify the host's Positron Server license is active. The result is cached for 5 minutes. - Mints a license — signs a JSON payload (connection token + timestamp) with an RSA private key
- Prevents reuse — tracks issued connection tokens so each one gets exactly one license.
The single HTTP endpoint is POST {SERVICE_PREFIX}/mint.
Configuration
All configuration is via environment variables. JupyterHub sets the JUPYTERHUB_* variables automatically for managed services.
| Variable | Description |
|---|---|
JUPYTERHUB_API_URL |
Hub API base URL (default: http://hub:8081/hub/api) |
JUPYTERHUB_API_TOKEN |
This service's own Hub token (set automatically by JupyterHub) |
JUPYTERHUB_SERVICE_PREFIX |
URL prefix for this service (default: /services/positron-license/) |
POSITRON_MINTING_KEY |
PEM-encoded RSA private key (literal string) |
POSITRON_MINTING_KEY_FILE |
Path to a PEM-encoded RSA private key file (used if POSITRON_MINTING_KEY is unset) |
POSITRON_LICENSE_MANAGER_PATH |
Path to the license-manager binary for entitlement checks |
PORT |
Port to listen on (default: 8099) |
Running
pip install jupyter-positron-verifier
positron-verifier
In practice, this is used under the hood by Positron. You should not need to interact with this package.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file jupyter_positron_verifier-0.0.1.tar.gz.
File metadata
- Download URL: jupyter_positron_verifier-0.0.1.tar.gz
- Upload date:
- Size: 73.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2bfd36de229d0bb099a798eeb76448393b0397b4f8889fcd0ad4f94e6be03944
|
|
| MD5 |
98db09e83f1becb87393a485944b1012
|
|
| BLAKE2b-256 |
ce7927a8c5f7953958c6b0a454ab2740a18ca2e9105ecdecf0c290f8b10ba954
|
Provenance
The following attestation bundles were made for jupyter_positron_verifier-0.0.1.tar.gz:
Publisher:
test.yml on posit-dev/jupyter-positron-verifier
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
jupyter_positron_verifier-0.0.1.tar.gz -
Subject digest:
2bfd36de229d0bb099a798eeb76448393b0397b4f8889fcd0ad4f94e6be03944 - Sigstore transparency entry: 2088643259
- Sigstore integration time:
-
Permalink:
posit-dev/jupyter-positron-verifier@ba64343fe91ea720ede64e357e3ab71e642246b2 -
Branch / Tag:
refs/tags/0.0.1 - Owner: https://github.com/posit-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
test.yml@ba64343fe91ea720ede64e357e3ab71e642246b2 -
Trigger Event:
release
-
Statement type:
File details
Details for the file jupyter_positron_verifier-0.0.1-py3-none-any.whl.
File metadata
- Download URL: jupyter_positron_verifier-0.0.1-py3-none-any.whl
- Upload date:
- Size: 8.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2c58ffae558bec0650e1e29f538d2b41694269858db3bbfbe186058b57b1f92b
|
|
| MD5 |
1df4c771519d0ef3225b29197423559a
|
|
| BLAKE2b-256 |
bcc1654ea0a7981eccda8a32730d7b2948332829aa9563d40926c163a537d142
|
Provenance
The following attestation bundles were made for jupyter_positron_verifier-0.0.1-py3-none-any.whl:
Publisher:
test.yml on posit-dev/jupyter-positron-verifier
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
jupyter_positron_verifier-0.0.1-py3-none-any.whl -
Subject digest:
2c58ffae558bec0650e1e29f538d2b41694269858db3bbfbe186058b57b1f92b - Sigstore transparency entry: 2088644078
- Sigstore integration time:
-
Permalink:
posit-dev/jupyter-positron-verifier@ba64343fe91ea720ede64e357e3ab71e642246b2 -
Branch / Tag:
refs/tags/0.0.1 - Owner: https://github.com/posit-dev
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
test.yml@ba64343fe91ea720ede64e357e3ab71e642246b2 -
Trigger Event:
release
-
Statement type: