minrk
commented
8 years ago https://github.com/jupyter/notebook/pull/1831 will make this even more important, as we are looking to reduce the number of cases where notebook servers run without any authentication.JupyterHub doesn't support token-authentication to the single-user servers, but I can add this easily enough, especially considering the above PR. That should make it easy to authenticate with only the Authorization: token <secret> header which is probably easier from node than cookies. Kernel Gateway already supports this header, so that's probably a good first target.
What JupyterHub will add a desire for is a login-flow, so that you can login with the Hub's form/oauth to retrieve a token. For now, you would need the same thing, but setting cookies, instead. If the ws client supports cookies well enough, this may be sufficient anyway.
rgbkrk
We certainly need to tackle this for any real servers and especially since we want to be able to work across JupyterHub installations. @minrk said he'd be interested in tackling this. I'm ok if it's a little bit dual purpose - I'd love to see it work if this library was used on an existing jupyter server (with cookies) as well as if this was making calls with tokens.