Correct token is being rejected #7625

Closed
opadron opened this issue Apr 7, 2025 · 2 comments
Labels
bug status:Needs Triage Applied to issues that need triage

opadron commented Apr 7, 2025

Description

My token is being rejected. I am pretty confident that the token I am providing is correct. I have tried providing the token in the URL, and via the web UI. The token is rejected in both cases.

Reproduce

Running quay.io/jupyter/datascience-notebook:2025-04-04 in a local kubernetes cluster. The service is exposed using an ingress resource with ingress-nginx.

Token is set using JUPYTER_TOKEN_FILE. Relevant section of the deployment yaml:

    spec:
      containers:
        - name: main
          image: "quay.io/jupyter/datascience-notebook:2025-04-04"
          command:
            - "start-notebook.py"
            - "--ServerApp.trust_xheaders=true"
          env:
            - name: JUPYTER_TOKEN_FILE
              value: /jupyter-secrets/token
          volumeMounts:
            - name: jupyter-secret
              mountPath: /jupyter-secrets
              readOnly: true
      volumes:
        - name: jupyter-secret
          secret:
            secretName: jupyter

with corresponding secret jupyter with key token preset, accordingly.

Contents of the file, as mounted on the container, are manually verified by

    $ kubectl exec -ti deployments/jupyter -- bash -il

    $ jupyter server list
    Currently running servers:
    http://localhost:8888/?token=<MY_TOKEN> :: /home/jovyan

    $ cat /jupyter-secrets/token
    <MY_TOKEN>

Expected behavior

Token is accepted and I am redirected to the main UI.

Context

  • Operating System and version:

    $ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 24.04.2 LTS
    Release:        24.04
    Codename:       noble

  • Browser and version:

Tried from Windows laptop using both chrome and firefox.

Google Chrome | 134.0.6998.118 (Official Build) (64-bit) (cohort: Control)
-- | --
Revision | 6872a1daec36b43916ec4b91c7cb3899762cf853-refs/branch-heads/6998_112@{#4}
OS | Windows 11 Version 23H2 (Build 22631.5039)
JavaScript | V8 13.4.114.21
User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36

Name | Firefox
-- | --
Version | 137.0
Build ID | 20250327043313
User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:137.0) Gecko/20100101 Firefox/137.0
OS | Windows_NT 10.0 22631

  • Jupyter Notebook version:
    quay.io/jupyter/datascience-notebook:2025-04-04

@opadron opadron added bug status:Needs Triage Applied to issues that need triage labels Apr 7, 2025
opadron commented Apr 7, 2025

I have just tried again. This time allowing jupyter to generate its own token. Using the generated token, I was successful in my attempt to provide the token and access the main UI.

I suspect that there may be restrictions on the characters that can go into the token, or perhaps restrictions on token length? Would appreciate any pointers to any docs covering such details.

opadron commented Apr 7, 2025

My sincerest apologies for the unnecessary issue.

I managed to forget to take care when encoding my kubernetes secrets.

echo my_token | base64 preserves the newline at the end of the echo output.

Forgetting to use echo -n is a common mistake that I somehow fell victim to, again, despite knowing better!

To anyone deploying on kubernetes, do be sure to double-check your secrets for trailing \n. Don't make the same mistake I did!

Sorry, again!

@opadron opadron closed this as completed Apr 7, 2025
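
The trailing-newline mistake described in the last comment, as an added example that is not part of the original issue: it encodes a constructed token with echo and with printf '%s', then checks the last decoded byte of each Secret value. The token value and the function names are assumptions made for illustration; the secret name jupyter and key token come from the deployment above.

```shell
#!/bin/sh
# Added example (not from the issue). TOKEN is a constructed sample value,
# not a real credential; all function names here are hypothetical.
TOKEN='example-token-123'

# The mistake from the issue: echo appends "\n", so it ends up in the Secret.
encode_with_echo() { echo "$1" | base64; }

# Encode only the token bytes: printf '%s' emits no trailing newline.
encode_with_printf() { printf '%s' "$1" | base64; }

# Print the hex value of the last decoded byte of a base64 Secret value.
last_byte_hex() {
    printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n'
}

# Return 0 (true) when the decoded value ends in LF (0a) or CR (0d).
has_trailing_newline() {
    case "$(last_byte_hex "$1")" in
        0a|0d) return 0 ;;
        *)     return 1 ;;
    esac
}

# Report on one base64-encoded Secret value.
check_secret_value() {
    if has_trailing_newline "$1"; then
        echo "BAD: decoded value ends with a newline (last byte $(last_byte_hex "$1"))"
    else
        echo "OK: no trailing newline (last byte $(last_byte_hex "$1"))"
    fi
}

# Against a live cluster the value to check would come from, for example:
#   kubectl get secret jupyter -o jsonpath='{.data.token}'
# Here both encodings are built locally so the check runs offline.
check_secret_value "$(encode_with_echo "$TOKEN")"
check_secret_value "$(encode_with_printf "$TOKEN")"
```

Comparing the byte count of the decoded value (wc -c) with the expected token length catches the same problem.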