You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently there's no way to identify/record who sends an event. This is a blocker for Jupyter Server client event via the eventlog endpoint since without this, anyone can send any event whose schema has been registered, e.g. a client would be able to emit a fake server event or mimic another client's events...
Another issue discussed at the Jupyter server meeting 29/4 jupyter-server/team-compass#4 (comment).
Currently there's no way to identify/record who sends an event. This is a blocker for Jupyter Server client event via the
eventlogendpoint since without this, anyone can send any event whose schema has been registered, e.g. a client would be able to emit a fake server event or mimic another client's events...The JEP mentioned authenticated user but only for JupyterHub.
One potential approach proposed by Min is JSON Web Token (JWT) where users sign the event using JWT.
The text was updated successfully, but these errors were encountered: