Closed glpatcern closed 2 years ago
mpatrascoiu
commented
2 years ago Hello Giuseppe,
I understand this is still WIP so I won't touch on functionality.
Could I ask you to please split the change so far in two separate commits:
Cheers,
Mihai
glpatcern
commented
2 years ago A couple of questions/clarifications. Let's assume we do a TPC between Reva and a WLCG site powered by dCache. For the two cases:
1) dCache is the active side, Reva the passive. Is dCache expecting a TransferHeaderAuthorization header in all cases, to be passed to the passive end (Reva) as Authorization: Bearer token?
2) Reva is the active side, dCache is the passive end. How is GFAL supposed to get ~the two tokens~ the token (for Reva and for the passive end), so to put it as header in the COPY request to Reva? For now we're taking it from the environment but I guess this relates to the discussion we had with @mpatrascoiu a few days ago, about the ability to have "custom tokens" for each request.
glpatcern
commented
2 years ago OK, it's confirmed we need auth bearer tokens in Reva, so the patch is ready for merge.
We'd still need to discuss about those points that concern the overall functionality, but that's independent from the PR.
glpatcern
commented
2 years ago As discussed today, this is likely NOT to be merged. Will deal with it after testing GFAL with standard bearer tokens.
glpatcern
commented
2 years ago Following successful tests with standard bearer tokens, I will create a separate PR to clean up some code that is not needed any longer.
This PR fixes the headers to use the standard
Authorization: Bearertokens against Reva and simplifies the whole authentication by requiring a single token to the user.