Tags: python, rest, jupyter-notebook, tornado, jupyterhub

Is there any explanation for Token keyword in value of Authorization header?


Using jupyterhub 0.8.1. While making REST API calls to JupyterHub (for user/service and server management in JupyterHub) we need to provide an Authorization header with a value

e.g. "token e9f6bdea27b5e3d2bs906ad1de0d2739"

e.g. of the header

Authorization: token e9f6bdea27b5e3d2bs906ad1de0d2739

Is there any explanation for "token" keyword in value of header?


Solution

  • Authorization is a request header. The browser sends this header to the server to authenticate the client.

    The syntax for the Authorization header is:

    Authorization: <type> <credentials>
    

    In your example, token is the name of the authentication scheme to be used to authenticate the user.

    There are other schemes (types) of authentication/authorization, for example Basic, Bearer, OAuth, etc. That means all these keywords can also take the place of the token keyword in the header, depending on which scheme is being used.

    Every authentication scheme has its own way of authenticating the client.

    So, the keyword token tells the server to use token auth scheme to authenticate this client. Without this keyword, the server wouldn't know how to authenticate the user.

    Example:

    Let's talk about Basic auth a little. The Authorization header would look like this in case of Basic auth:

    Authorization: Basic asldkfj89s7flsjfl==
    
                         \_________________/
                                 |
                          This part is base64 encoding of 
                          <username:password> of the client
    

    So, when the request reaches the server, it can tell which type of authentication scheme the client is using to authenticate itself. From the above example, it's Basic auth.

    In Basic auth, the <credentials> part is a base64 encoding of the client's <username:password>. Now, the server knows that this is Basic auth, so it will know how to authenticate the client - by decoding the base64 credentials and looking at the username and password.

    If it were some other auth scheme, the server will process the <credentials> in a different way to authenticate the user.
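To make the dispatch described in the answer concrete, here is an added example (not code from the answer or from JupyterHub) of a server-side function that splits the header into <type> <credentials>, picks a handler from the scheme keyword, and validates either an opaque token or a base64-encoded username:password pair. The token value from the question and the username/password in the credential store are constructed sample data; the scheme match is case-insensitive and the credential comparisons use constant-time equality.

```python
"""Parse and dispatch on the Authorization header's <type> <credentials> form.

Added illustration for the answer above; not JupyterHub's own code.  The token
value and the username/password below are constructed sample data.
"""
import base64
import binascii
import hmac

# Constructed sample credential store (not from JupyterHub).  In a real
# deployment these come from the hub's database and passwords are hashed.
API_TOKENS = {"e9f6bdea27b5e3d2bs906ad1de0d2739": "alice"}   # token -> user
BASIC_USERS = {"alice": "s3cret"}                               # user -> password


def parse_authorization(header):
    """Split 'Authorization: <type> <credentials>' into (scheme, credentials).

    The scheme name is case-insensitive (RFC 7235), so 'token', 'Token' and
    'TOKEN' all select the same handler.  Returns None for a missing or
    malformed header rather than guessing a scheme.
    """
    if not header:
        return None
    parts = header.strip().split(None, 1)
    if len(parts) != 2:
        return None
    return parts[0].lower(), parts[1].strip()


def authenticate_token(credentials):
    """Token scheme: the credential is an opaque string looked up as-is.

    Each comparison is constant-time so a wrong token does not leak how many
    leading characters matched.
    """
    for stored, user in API_TOKENS.items():
        if hmac.compare_digest(stored.encode(), credentials.encode()):
            return user
    return None


def authenticate_basic(credentials):
    """Basic scheme: base64-decode 'username:password' and check the pair.

    base64 is an encoding, not encryption: anyone who sees the header can
    recover the password, which is why Basic auth needs TLS.
    """
    try:
        decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    expected = BASIC_USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return username


# The keyword in the header selects the handler; an unknown keyword is rejected.
SCHEMES = {"token": authenticate_token, "basic": authenticate_basic}


def authenticate(header):
    """Return the authenticated username for a header value, or None."""
    parsed = parse_authorization(header)
    if parsed is None:
        return None
    scheme, credentials = parsed
    handler = SCHEMES.get(scheme)
    if handler is None:
        return None
    return handler(credentials)


def build_basic_header(username, password):
    """Client side: produce the 'Basic <base64(user:pass)>' value the server accepts."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    print(authenticate("token e9f6bdea27b5e3d2bs906ad1de0d2739"))   # alice
    print(authenticate(build_basic_header("alice", "s3cret")))      # alice
    print(authenticate("Bearer e9f6bdea27b5e3d2bs906ad1de0d2739"))  # None
```

Note the last call: the same credential string under a scheme the server does not handle is rejected, which is the practical meaning of the keyword. The server never tries to guess how to interpret <credentials>; the <type> tells it.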