Removing Token Authentication From Jupyter/iPython Notebooks

May 31, 2021

Jupyter (formerly iPython) notebooks by default require an authentication token to access. This is because the notebooks allow users to run arbitrary code so the token prevents access by non-authorized users. However, with a properly secured environment (running within a local network or not binding to a public network interface), there’s little need to set an authentication token. While the Jupyter documentation recommends using a password instead, it still doesn’t get around the fact that the default notebook configuration uses unencrypted http connections which allow any party to intercept or modify requests, making both tokens and passwords trivial to bypass. Therefore, to fully get rid of authentication on a Jupyter notebook:

  1. Make sure your notebook is not accessible to the wider internet.
  2. Run jupyter notebook --generate-config
  3. Uncomment the line c.NotebookApp.token = '' and make sure the value is set to an empty string
  4. Restart your notebook server