Support validating tokens without an outbound network connection

cvmfs-contrib / cvmfs-x509-helper

Authorization helper for VOMS/X.509 proxies

BSD 3-Clause "New" or "Revised" License

1 stars 6 forks source link

Support validating tokens without an outbound network connection #33

Open duncanmmacleod opened 2 years ago

duncanmmacleod commented 2 years ago

Currently the cvmfs-scitoken-helper cannot operate on tokens without an outbound network connection (unlike the case with X.509 credentials, which works fine). This means that tokens cannot be used for CVMFS authz for LIGO on cluster nodes that aren't exposed to the external network (eg in Cardiff).

Is it possible to support this?

FYI I posted a similar ticket for scitokens-cpp at https://github.com/scitokens/scitokens-cpp/issues/97.

DrDaveD commented 2 years ago

This will have to wait for scitokens-cpp to add the functionality.