byu-dnasc / proto-smrtlink-share

Define how to authenticate for access to Globus services #19

Open adknaupp opened 3 months ago

adknaupp commented 3 months ago

Client Credentials Authentication

The DNASC app needs authorization tokens to access Globus APIs. These tokens are obtained from Globus Auth using Client Credentials Authentication. Client Credentials Authentication is defined by an OAuth2 protocol and implemented by the Globus SDK. This type of authentication involves an application registering itself with Globus Auth using its own set of credentials, i.e. a client ID and a client secret. The Globus SDK documentation shows how to use client credentials to authenticate a Python app.

Preparation

The app needs to have a Globus identity in order to use Client Credentials Authentication. This identity can be created by registering an app with Globus using the following steps:

Application credentials have been created for the DNASC app:

Globus SDK Usage

The Globus SDK implements all necessary authorization functionality. Rather than having to juggle tokens and refresh them manually, the SDK provides special classes for authorizing a "confidential client" with Globus Auth:

| Class Name | Inputs |
| --- | --- |
| ConfidentialAppAuthClient | Client ID, Client Secret |
| ClientCredentialsAuthorizer | ConfidentialAppAuthClient, Scopes |

An instance of ClientCredentialsAuthorizer can be used by other Globus clients to authenticate any API call for which the client has been granted access (based on the scope(s) requested at the time the auth client was authorized). It also automatically refreshes tokens when they expire.

Scopes

Create access rule: urn:globus:auth:scope:transfer.api.globus.org:all
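
The flow described in this issue, as an added example that is not code from the issue or from the proto-smrtlink-share repository: the secret is read from the environment rather than stored in source, the two SDK classes from the table are chained, and the resulting client creates a read-only access rule. The environment variable names and the helper function names are assumptions, and the example only accepts directory paths.

```python
import os
import uuid

# Scope listed in this issue for creating access rules.
TRANSFER_SCOPE = "urn:globus:auth:scope:transfer.api.globus.org:all"


def load_credentials(env=os.environ):
    """Read client ID and secret from the environment (variable names are assumptions)."""
    client_id = env.get("DNASC_GLOBUS_CLIENT_ID", "").strip()
    client_secret = env.get("DNASC_GLOBUS_CLIENT_SECRET", "").strip()
    if not client_id or not client_secret:
        raise RuntimeError("Globus client credentials are not set")
    uuid.UUID(client_id)  # Globus client IDs are UUIDs; ValueError if malformed
    return client_id, client_secret


def build_access_rule(identity_id, path, permissions="r"):
    """Build a Transfer access rule document, read-only unless asked otherwise."""
    if permissions not in ("r", "rw"):
        raise ValueError("permissions must be 'r' or 'rw'")
    # This example restricts rules to directory paths.
    if not (path.startswith("/") and path.endswith("/")):
        raise ValueError("path must start and end with '/'")
    return {
        "DATA_TYPE": "access",
        "principal_type": "identity",
        "principal": str(uuid.UUID(identity_id)),
        "path": path,
        "permissions": permissions,
    }


def make_transfer_client(env=os.environ):
    """Authorize as a confidential client; the authorizer refreshes tokens itself."""
    import globus_sdk  # imported here so the helpers above work without the SDK

    client_id, client_secret = load_credentials(env)
    auth_client = globus_sdk.ConfidentialAppAuthClient(client_id, client_secret)
    authorizer = globus_sdk.ClientCredentialsAuthorizer(auth_client, TRANSFER_SCOPE)
    return globus_sdk.TransferClient(authorizer=authorizer)


def share_directory(collection_id, identity_id, path):
    """Create a read-only access rule on a collection for one Globus identity."""
    tc = make_transfer_client()
    return tc.add_endpoint_acl_rule(collection_id, build_access_rule(identity_id, path))
```

`share_directory` needs the `globus_sdk` package and network access; the two helper functions above it can be exercised offline.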