Using JupyterHub 0.8.1. While making REST API calls to JupyterHub (for user/services and servers management in JupyterHub), we need to provide an Authorization header with a value,
e.g. "token e9f6bdea27b5e3d2bs906ad1de0d2739"
e.g. of header:
Authorization: token e9f6bdea27b5e3d2bs906ad1de0d2739
Is there any explanation for the "token" keyword in the value of the header?
Authorization is a request header. The browser sends this header to the server to authenticate the client.
The syntax for the Authorization header is:
Authorization: <type> <credentials>
In your example, token is the name of the authentication scheme to be used to authenticate the user.
There are other schemes (types) of authentication/authorization, for example Basic, Bearer, OAuth, etc. That means all these keywords can also take the place of the token keyword in the header, depending on which scheme is being used.
Every authentication scheme has its own way of authenticating the client.
So, the keyword token tells the server to use the token auth scheme to authenticate this client. Without this keyword, the server wouldn't know how to authenticate the user.
Example:
Let's talk about Basic auth a little. The Authorization header would look like this in case of Basic auth:
Authorization: Basic asldkfj89s7flsjfl==
                     \_________________/
                              |
               This part is base64 encoding of
               <username:password> of the client
So, when the request reaches the server, it can tell which type of authentication scheme the client is using to authenticate itself. From the above example, it's Basic auth.
In Basic auth, the <credentials> part is a base64 encoding of the client's <username:password>. Now, the server knows that this is Basic auth, so it will know how to authenticate the client - by decoding the base64 credentials and looking at the username and password.
If it were some other auth scheme, the server will process the <credentials> in a different way to authenticate the user.
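The dispatch described in this answer, seen from the server side, as an added example (not JupyterHub's code and not part of the original answer): the header value is split into `<type>` and `<credentials>`, and the scheme name selects how the credentials are checked. The `API_TOKENS` and `PASSWORDS` stores, the user `alice`, and all function names are assumptions made for illustration; the token string is the sample value from the question.

```python
import base64
import binascii
import hmac

# Constructed sample stores; the token string is the example value from the question.
API_TOKENS = {"e9f6bdea27b5e3d2bs906ad1de0d2739": "alice"}
PASSWORDS = {"alice": "s3cret:with:colons"}  # constructed credentials


def parse_authorization(value):
    """Split '<type> <credentials>' into (scheme, credentials); scheme is lowercased."""
    scheme, sep, credentials = value.strip().partition(" ")
    if not sep or not credentials.strip():
        raise ValueError("expected '<type> <credentials>'")
    return scheme.lower(), credentials.strip()


def check_token(credentials):
    # Compare against every stored token in constant time; no early exit on a match.
    user = None
    for known, owner in API_TOKENS.items():
        if hmac.compare_digest(known.encode(), credentials.encode()):
            user = owner
    return user


def check_basic(credentials):
    try:
        decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed base64 is rejected, not guessed at
    username, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return None
    expected = PASSWORDS.get(username)
    if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
        return username
    return None


HANDLERS = {"token": check_token, "basic": check_basic}


def authenticate(header_value):
    """Return the authenticated user name, or None if the request is rejected."""
    try:
        scheme, credentials = parse_authorization(header_value)
    except ValueError:
        return None  # no scheme keyword: the server cannot tell how to verify
    handler = HANDLERS.get(scheme)
    return handler(credentials) if handler else None
```

A header that carries only the token with no scheme keyword, or a scheme this server has no handler for, is rejected rather than interpreted by guesswork.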