Rename jhub-apps access_token cookie to be explicit

jhub_apps/service/auth.py

@@ -9,7 +9,7 @@
 logger = structlog.get_logger(__name__)
 
 
-def create_access_token(data: dict, expires_delta: typing.Optional[timedelta] = None):
+def _create_access_token(data: dict, expires_delta: typing.Optional[timedelta] = None):
     logger.info("Creating access token")
     to_encode = data.copy()
     if expires_delta:
@@ -22,7 +22,7 @@ def create_access_token(data: dict, expires_delta: typing.Optional[timedelta] =
     return encoded_jwt
 
 
-def get_jhub_token_from_jwt_token(token):
+def _get_jhub_token_from_jwt_token(token):
     logger.info("Trying to get JHub Apps token from JWT Token")
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,

jhub_apps/service/routes.py

@@ -21,15 +21,15 @@
 from starlette.responses import RedirectResponse
 
 from jhub_apps.hub_client.hub_client import HubClient
-from jhub_apps.service.auth import create_access_token
+from jhub_apps.service.auth import _create_access_token
 from jhub_apps.service.client import get_client
 from jhub_apps.service.models import (
     AuthorizationError,
     HubApiError,
     ServerCreation,
     User,
 )
-from jhub_apps.service.security import get_current_user
+from jhub_apps.service.security import get_current_user, JHUB_APPS_AUTH_COOKIE_NAME
 from jhub_apps.service.utils import (
     get_conda_envs,
     get_jupyterhub_config,
@@ -74,14 +74,14 @@ async def get_token(code: str):
         }
         resp = await client.post("/oauth2/token", data=data)
     access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = create_access_token(
+    access_token = _create_access_token(
         data={"sub": resp.json()}, expires_delta=access_token_expires
     )
     ### resp.json() is {'access_token': <token>, 'token_type': 'Bearer'}
     response = RedirectResponse(
         os.environ["PUBLIC_HOST"] + "/hub/home", status_code=302
     )
-    response.set_cookie(key="access_token", value=access_token, httponly=True)
+    response.set_cookie(key=JHUB_APPS_AUTH_COOKIE_NAME, value=access_token, httponly=True)
     return response
 
 

jhub_apps/service/security.py

@@ -6,7 +6,7 @@
 from fastapi.security.api_key import APIKeyQuery
 
 from jhub_apps.hub_client.hub_client import get_users_and_group_allowed_to_share_with, is_jupyterhub_5
-from .auth import get_jhub_token_from_jwt_token
+from .auth import _get_jhub_token_from_jwt_token
 from .client import get_client
 from .models import User
 
@@ -15,9 +15,11 @@
 ### Authorization: bearer token (header).
 ### Hub technically supports cookie auth too, but it is deprecated so
 ### not being included here.
+JHUB_APPS_AUTH_COOKIE_NAME = "jhub_apps_access_token"
+
 auth_by_param = APIKeyQuery(name="token", auto_error=False)
 
-auth_by_cookie = APIKeyCookie(name="access_token")
+auth_by_cookie = APIKeyCookie(name=JHUB_APPS_AUTH_COOKIE_NAME)
 auth_url = os.environ["PUBLIC_HOST"] + "/hub/api/oauth2/authorize"
 auth_by_header = OAuth2AuthorizationCodeBearer(
     authorizationUrl=auth_url, tokenUrl="oauth_callback", auto_error=False
@@ -50,7 +52,7 @@ async def get_current_user(
             detail="Must login with token parameter or Authorization bearer header",
         )
 
-    token = get_jhub_token_from_jwt_token(token)
+    token = _get_jhub_token_from_jwt_token(token)
 
     async with get_client() as client:
         endpoint = "/user"