Skip to main content

JupyterHub service that mints short-lived Positron Server license tokens

Project description

jupyter-positron-verifier

A JupyterHub managed service that mints short-lived, cryptographically signed Positron Server license tokens for per-session use.

What it does

When Positron Server runs inside a JupyterHub environment, it needs a per-session license token to operate. This service sits between JupyterHub and Positron Server and handles that handoff:

  1. Authenticates the caller — verifies the caller's JupyterHub API token against the Hub's /authorizations/token endpoint using the service's own token.
  2. Checks entitlement — calls a local license-manager binary to verify the host's Positron Server license is active. The result is cached for 5 minutes.
  3. Mints a license — signs a JSON payload (connection token + timestamp) with an RSA private key
  4. Prevents reuse — tracks issued connection tokens so each one gets exactly one license.

The single HTTP endpoint is POST {SERVICE_PREFIX}/mint.

Configuration

All configuration is via environment variables. JupyterHub sets the JUPYTERHUB_* variables automatically for managed services.

Variable Description
JUPYTERHUB_API_URL Hub API base URL (default: http://hub:8081/hub/api)
JUPYTERHUB_API_TOKEN This service's own Hub token (set automatically by JupyterHub)
JUPYTERHUB_SERVICE_PREFIX URL prefix for this service (default: /services/positron-license/)
POSITRON_MINTING_KEY PEM-encoded RSA private key (literal string)
POSITRON_MINTING_KEY_FILE Path to a PEM-encoded RSA private key file (used if POSITRON_MINTING_KEY is unset)
POSITRON_LICENSE_MANAGER_PATH Path to the license-manager binary for entitlement checks
PORT Port to listen on (default: 8099)

Running

pip install jupyter-positron-verifier
positron-verifier

In practice, this is used under the hood by Positron. You should not need to interact with this package.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jupyter_positron_verifier-0.0.1.tar.gz (73.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

jupyter_positron_verifier-0.0.1-py3-none-any.whl (8.3 kB view details)

Uploaded Python 3

File details

Details for the file jupyter_positron_verifier-0.0.1.tar.gz.

File metadata

File hashes

Hashes for jupyter_positron_verifier-0.0.1.tar.gz
Algorithm Hash digest
SHA256 2bfd36de229d0bb099a798eeb76448393b0397b4f8889fcd0ad4f94e6be03944
MD5 98db09e83f1becb87393a485944b1012
BLAKE2b-256 ce7927a8c5f7953958c6b0a454ab2740a18ca2e9105ecdecf0c290f8b10ba954

See more details on using hashes here.

Provenance

The following attestation bundles were made for jupyter_positron_verifier-0.0.1.tar.gz:

Publisher: test.yml on posit-dev/jupyter-positron-verifier

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file jupyter_positron_verifier-0.0.1-py3-none-any.whl.

File metadata

File hashes

Hashes for jupyter_positron_verifier-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2c58ffae558bec0650e1e29f538d2b41694269858db3bbfbe186058b57b1f92b
MD5 1df4c771519d0ef3225b29197423559a
BLAKE2b-256 bcc1654ea0a7981eccda8a32730d7b2948332829aa9563d40926c163a537d142

See more details on using hashes here.

Provenance

The following attestation bundles were made for jupyter_positron_verifier-0.0.1-py3-none-any.whl:

Publisher: test.yml on posit-dev/jupyter-positron-verifier

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page