Can't access server with provided token

rgaiacs commented 1 month ago

$ repo2docker --version
2024.07.0
$ repo2docker .
...
Successfully tagged r2d-2e1722612782:latest
/srv/conda/envs/notebook/lib/python3.10/subprocess.py:961: RuntimeWarning: line buffering (buffering=1) isn't supported in binary mode, the default buffer size will be used
  self.stdout = io.open(c2pread, 'rb', bufsize)
[I 15:35:10.721 NotebookApp] Writing notebook server cookie secret to /home/raniere/.local/share/jupyter/runtime/notebook_cookie_secret

  _   _          _      _
 | | | |_ __  __| |__ _| |_ ___
 | |_| | '_ \/ _` / _` |  _/ -_)
  \___/| .__/\__,_\__,_|\__\___|
       |_|

Read the migration plan to Notebook 7 to learn about the new features and the actions to take if you are using extensions.

https://jupyter-notebook.readthedocs.io/en/latest/migrate_to_notebook7.html

Please note that updating to Notebook 7 might break some of your extensions.

[W 2024-08-02 15:35:11.386 LabApp] 'ip' has moved from NotebookApp to ServerApp. This config will be passed to ServerApp. Be sure to update your config before our next release.
[W 2024-08-02 15:35:11.386 LabApp] 'port' has moved from NotebookApp to ServerApp. This config will be passed to ServerApp. Be sure to update your config before our next release.
[W 2024-08-02 15:35:11.386 LabApp] 'custom_display_url' has moved from NotebookApp to ServerApp. This config will be passed to ServerApp. Be sure to update your config before our next release.
[W 2024-08-02 15:35:11.386 LabApp] 'custom_display_url' has moved from NotebookApp to ServerApp. This config will be passed to ServerApp. Be sure to update your config before our next release.
[W 2024-08-02 15:35:11.386 LabApp] 'custom_display_url' has moved from NotebookApp to ServerApp. This config will be passed to ServerApp. Be sure to update your config before our next release.
[I 2024-08-02 15:35:11.396 LabApp] JupyterLab extension loaded from /srv/conda/envs/notebook/lib/python3.10/site-packages/jupyterlab
[I 2024-08-02 15:35:11.396 LabApp] JupyterLab application directory is /srv/conda/envs/notebook/share/jupyter/lab
[I 2024-08-02 15:35:11.397 LabApp] Extension Manager is 'pypi'.
[I 15:35:11.410 NotebookApp] Serving notebooks from local directory: /home/raniere
[I 15:35:11.410 NotebookApp] Jupyter Notebook 6.5.6 is running at:
[I 15:35:11.410 NotebookApp] http://127.0.0.1:44781/?token=7dd7de0ba3280d147c16fed90617b006cdea0c65ce55c54f
[I 15:35:11.410 NotebookApp] Use Control-C to stop this server and shut down all kernels (twice to skip confirmation).
[W 15:35:11.413 NotebookApp] No web browser found: could not locate runnable browser.
[C 15:35:11.413 NotebookApp] 

    To access the notebook, open this file in a browser:
        file:///home/raniere/.local/share/jupyter/runtime/nbserver-14-open.html
    Or copy and paste this URL:
        http://127.0.0.1:44781/?token=7dd7de0ba3280d147c16fed90617b006cdea0c65ce55c54f

Expected behaviour

http://127.0.0.1:44781/?token=7dd7de0ba3280d147c16fed90617b006cdea0c65ce55c54f will give access Jupyter Lab.

Actual behaviour

http://127.0.0.1:44781/?token=7dd7de0ba3280d147c16fed90617b006cdea0c65ce55c54f asks for the token

Screenshot 2024-08-02 at 17-42-00 Jupyter Notebook

Your personal set up

OS: Ubuntu running on WLS2
Docker version: Docker version 26.0.0, build 2ae903e
repo2docker version: 2024.07.0

manics commented 1 month ago

This is easily reproducible with 2024.07.0. Running jupyter notebook list inside the container (using docker exec) shows a different token.

Using the main branch works, except that I get redirected to http://127.0.0.1:<PORT>/lab which shows 404 : Not Found. Changing the URL to http://127.0.0.1:<PORT>/tree works.

PID 1 is python3 -u /usr/local/bin/repo2docker-entrypoint jupyter notebook --ip=0.0.0.0 --port=<PORT> --NotebookApp.custom_display_url=http://127.0.0.1:<PORT> --NotebookApp.default_url=/lab so maybe JupyterLab is incompatible with jupyter notebook, and we need to switch to jupyter server? @jtpio Does this sound right?

minrk commented 1 month ago

It sounds like the backward-compatibility shims for the new IdentityProvider API in Jupyter Server 2.0 don't quite work to keep the old token config in sync with the new token config in every case. I'll see if I can track it down.

minrk commented 1 month ago

Indeed, this is https://github.com/jupyter-server/jupyter_server/pull/1221 which has more detail on the issue.

essentially, Jupyter Server 2.0 extensions are not actually compatible with notebook < 7. We can mostly work around this by explicitly setting both c.NotebookApp.token and c.IdentityProvider.token config to the same value. The result will not be everything fully working, but it will result in either classic notebook (likely not including any extensions upgraded to support jupyter server) or jupyterlab working.

I think the fix is to switch the jupyter notebook invocation to jupyter server or jupyter lab (as we have done in BinderHub)

minrk commented 1 month ago

Upgrading to notebook 7 (#1363) will fix this. As would a smaller patch to change the launch command to jupyter-server from jupyter-notebook.

jupyterhub / repo2docker