



Why?

Jupyter is open at heart, which is very good! However, outside science, not all the data people work with is open, obviously. As data is increasingly recognized as a key competitive advantage for firms, it is important to protect it and manage access rights.

So there should be an easy way to get authenticated directly from the notebook so as to tap protected APIs without manipulating secrets (login/passwords or keys), which typically undermines security.

The structure of ipyauth is modular. There are distinct JavaScript and Python files for each ID provider, so it should take a reasonable effort to add a new one.

(*) Only Python is considered in this article

I picked Auth0 and Google as the first 2 ID providers because:

EDIT: ipyauth does not rely on ID providers SDKs any longer. See bottom of page

Here is what the ipyauth widget looks like with Auth0:

ipyauth with Google before sign-in and after authentication


Here is what the ipyauth widget looks like with Google:

ipyauth with Google before sign-in and after authentication

The video below demonstrates the ipyauth widget with an Auth0 server.

In summary the notebook user goes through the following steps:

From there the user can make regular requests to a protected API with the access token obtained. In the demo the user taps an API that manages 2 lists of fruits, usual and exotic, and read/write rights depending on the scopes.
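An added example (not code from ipyauth or the original post): a pre-flight check that inspects an access token's expiry, audience and scopes before it is sent to the protected API. It assumes the access token is a JWT with `exp`, `aud` and a space-separated `scope` claim; the audience URL and the scope names are hypothetical. The check is advisory, since the signature is not verified in the notebook and the API must still validate the token itself.

```python
import base64
import json
import time

def b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: opaque tokens cannot be inspected locally")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def bearer_header(token: str, audience: str, needed: set, now: float = None) -> dict:
    """Return the Authorization header if the token is unexpired, issued for
    `audience` and carries every scope in `needed`; else raise PermissionError."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired, sign in again")
    aud = claims.get("aud", [])
    if audience not in ([aud] if isinstance(aud, str) else aud):
        raise PermissionError("token was issued for another API")
    missing = needed - set(claims.get("scope", "").split())
    if missing:
        raise PermissionError("missing scopes: " + " ".join(sorted(missing)))
    return {"Authorization": "Bearer " + token}

def sample_token(scope: str, exp: int) -> str:
    """Build a constructed, unsigned sample token (hypothetical audience)."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"aud": "https://fruits.example/api",
                              "scope": scope, "exp": exp}).encode())
    return f"{header}.{body}.constructed-signature"

if __name__ == "__main__":
    token = sample_token("read:usual write:usual", int(time.time()) + 3600)
    print(decode_claims(token)["scope"])
    try:
        bearer_header(token, "https://fruits.example/api", {"write:exotic"})
    except PermissionError as err:
        print("refused before any request was sent:", err)
```

Failing early in the notebook means a token that lacks a scope is never sent to an endpoint that would reject it, and the error names the scope to request at the next sign-in.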

The video below demonstrates the ipyauth widget with Google.

In summary the notebook user goes through the following steps:

Then the popup closes, the widget displays the token data and the Python kernel has it too. The user may click the Inspect button to examine the token contents.

From there the user can make requests to Google APIs with the access token obtained, as long as it has the required scopes. In the demo the user creates a new spreadsheet on their Drive, writes some data in it, updates it, removes some, and finally shares it with other people — without leaving the comfort of their Jupyter notebook!

However there is a small caveat.

When the flow involves a redirect away from and back to the notebook URL (as in the Auth0 example, for the initial authentication), there is a difference in behavior upon landing back on the notebook URL.

To be clear, when there is no redirection (Google example) then there is no difference in user experience between the classic notebook and JupyterLab.

EDIT: ipyauth works in iframes and popups for all ID providers. No more redirect from the notebook page. See bottom of page.

Indeed, JupyterHub does authenticate users. However, the OAuth scopes it negotiates are predetermined (as for any website) and independent of the contents of the notebooks it serves. By definition, notebooks contain arbitrary code, which may need to negotiate a token containing specific rights, with a third-party authentication server, to access data protected independently of the JupyterHub server. As a consequence, it is convenient to be able to originate the authentication from inside the notebook so that its workflow is self-contained. Because the notebook is a kind of SPA, it is feasible in a standard way.

This remark is also valid for desktop Jupyter (i.e. local install).

But is it that useful to tap APIs from a notebook in the first place ?

Yes it is, very VERY much !

APIs are ubiquitous and modular IT system design is increasingly the norm.

There are structural reasons for that: UI is intrinsically complex and requires specialists to design and implement, who typically hop from one project to the next, and seldom know the structure of the data behind the API and/or the mindset of the human data consumers. Besides, as intuitive and pleasant as the first time visitor experience is, in case of repeated interaction and intensive use the GUI becomes cumbersome and a frustrating barrier, particularly for batch works.

In contrast, the notebook solves many of these problems:

A typical API consumption notebook works as follows:

Thus Jupyter notebooks offer a continuum of solutions to interact with APIs, from very technical live documentation to quasi web apps, likely to be developed or at least maintained and tweaked by “business people” who know the data and/or the users.

More generally because notebooks are intuitive and can be easily tailored to a specific audience or technical knowledge, they can be used to educate people about APIs and related subjects. This has a lot of value in organizations.

From this perspective I believe the key feature to increase the user base “x 10”, literally, is to help notebook producers package and publish them to notebook consumers.

Anyway, I would like to conclude with a thumbs up and “chapeau bas” to the Jupyter core devs for their outstanding intuition, execution, dedication, achievement and social value generated ! They are part of History —really.

EDIT 12/06/18: ipyauth was refactored to remove the dependency on ID providers’ SDKs in favor of their endpoints, and manage the authentication flow in hidden iframes as much as possible, else popups, so that there is no more redirect from the notebook page, which greatly improves the user experience. It also shortens the code and makes it considerably simpler to add a new ID provider. And SG Connect, Société Générale CIB ID provider, was added.
