System - Originating repo is not being used in DB authz method

[dvstans]

The purpose of this parameter was to ensure that the globus path is consistent with the repo server making the auth request. This is not a critical problem, as the download would fail if the wrong repo is being asked to initiate a transfer, but it would be good to deny the request and log the error in order to detect logic errors or potential attacks on the repo server.

[JoshuaSBrown]

I'm not clear on what this issue is about. Is this the authz method in the core server?

Or is it a parameter that can be used in one of the API routes available in the DataFed Foxx API?

Probably both...

[dvstans]

The GridFTP authz library sends the repo ID to the core/DB as part of the auth process. Currently it's not used, but it should be to help confirm that the transfer request is from valid DataFed managed transfer request. (Currently it only checks that the associates user has access.)