Jupyter Lab is currently blocked in standalone (i.e. token auth) mode.
Context: In standalone mode, Jupyter server authorisation is open by default, i.e. the bearer of the token has full permissions. This makes some sense, but doesn't play nicely for multi-user access to a single server when running behind Jupyter Hub (because it grants full perms to any authenticated user).
So to protect against this, we define a Cylc "authorizer" which reduces the default authorzation to the server's owner (as opposed to any authenticated user).
This works fine for Jupyter Hub use cases. Unfortunately, this authorizer is also configured for standalone use cases which it subsequently breaks due to the way token auth works.
Suggest modifying the authorizer to give full perms if the user is token authenticated.
Jupyter Lab is currently blocked in standalone (i.e. token auth) mode.
Context: In standalone mode, Jupyter server authorisation is open by default, i.e. the bearer of the token has full permissions. This makes some sense, but doesn't play nicely for multi-user access to a single server when running behind Jupyter Hub (because it grants full perms to any authenticated user).
So to protect against this, we define a Cylc "authorizer" which reduces the default authorzation to the server's owner (as opposed to any authenticated user).
https://github.com/cylc/cylc-uiserver/blob/c821ecc977fd6b4e439546dc75a3864c8ef6cdd4/cylc/uiserver/jupyter_config.py#L99-L103
This works fine for Jupyter Hub use cases. Unfortunately, this authorizer is also configured for standalone use cases which it subsequently breaks due to the way token auth works.
Suggest modifying the authorizer to give full perms if the user is token authenticated.