JupyterHub for 11.0

[connersaeli]

This PR adds authentication to and from XDMoD via JSON Web Tokens (JWTs). This is necessary for an instance of XDMoD to communicate with an instance of JupyterHub. This PR also contains UI elements to redirect to an instance of JupyterHub.

Description

These changes include the following additions:

• A JsonWebToken class with encode() and decode() static functions to encode and decode JWTs
• A new dependency for handling JWTs in PHP
• A new method authenticateJSONWebToken() for the Tokens class that accepts a JWT and returns an XDMoD user if it is a valid JWT
• A new endpoint for the AuthenticationControllerProvider class called jwt-redirect that sets a cookie named xdmod_jwt with a valid JWT and redirects to a URL specified in the endpoint's parameter
• A new button to redirect to an instance of JupyterHub that only appears if XDMoD is configured with JupyterHub

The authenticateToken method in the Tokens class is also updated to handle both API tokens and JSON Web Tokens.

Motivation and Context

The changes in this PR are necessary to allow communication between instances of XDMoD and JupyterHub.

Tests performed

Checklist:

• The pull request description is suitable for a Changelog entry
• The milestone is set correctly on the pull request
• The appropriate labels have been added to the pull request

[ryanrath]

Just a heads up, when I check out the repo and attempt to composer install I get an error:

$ composer install
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
- Required package "firebase/php-jwt" is not present in the lock file.
This usually happens when composer files are incorrectly merged or the composer.json file is manually edited.
Read more about correctly resolving merge conflicts https://getcomposer.org/doc/articles/resolving-merge-conflicts.md
and prefer using the "require" command over editing the composer.json file directly https://getcomposer.org/doc/03-cli.md#require-r

just a quick composer require firebase/php-jwt I think should fix it.

[ryanrath]

After fixing the missing private static property in JsonWebToken I've run into the following:

2025-06-30 21:14:31 [error] Exception Code: 0
2025-06-30 21:14:31 [error] Message: OpenSSL unable to sign data
2025-06-30 21:14:31 [error] Origin: /usr/share/xdmod/vendor/firebase/php-jwt/src/JWT.php (line 256)
2025-06-30 21:14:31 [error] Trace:
#0 /usr/share/xdmod/vendor/firebase/php-jwt/src/JWT.php(219): Firebase\JWT\JWT::sign()
#1 /usr/share/xdmod/classes/Models/Services/JsonWebToken.php(34): Firebase\JWT\JWT::encode()
#2 /usr/share/xdmod/classes/Rest/Controllers/AuthenticationControllerProvider.php(139): Models\Services\JsonWebToken::encode()
#3 /usr/share/xdmod/vendor/symfony/http-kernel/HttpKernel.php(169): Rest\Controllers\AuthenticationControllerProvider->redirectWithJwt()
#4 /usr/share/xdmod/vendor/symfony/http-kernel/HttpKernel.php(81): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
#5 /usr/share/xdmod/vendor/silex/silex/src/Silex/Application.php(496): Symfony\Component\HttpKernel\HttpKernel->handle()
#6 /usr/share/xdmod/vendor/silex/silex/src/Silex/Application.php(477): Silex\Application->handle()
#7 /usr/share/xdmod/html/rest/index.php(25): Silex\Application->run()
#8 {main}

I'm guessing there's some setup steps that need to be done maybe?

Edit: I just needed to run the following:

ssh-keygen -t rsa -b 4096 -m PEM -f /etc/xdmod/keys/xdmod-private.pem

maybe it could be added to bootstrap.sh?

Review comments addressed