fermitools / declad

BSD 3-Clause "New" or "Revised" License
1 stars 2 forks source link

Support SciTokens for authentication #3

Closed marcmengel closed 4 months ago

marcmengel commented 9 months ago

Currently Declad is coded assuming you're going to have an X509 service certificate, which then has to be registered with:

and mapped to suitable account/permissions; and of course this has to be redone whenever our service certificate DN's change, and of course the service cert has to be redone annually.

We could configure it (once the newer Rucio versions are out) to use SciTokens to authenticate all these places, assuming we have our Managed Token service push a token to the host with the Declad, but there are several places in the current code that assume x509 authentication that would need to be changed to grab the SciToken and set the Authentication: Bearer ... header.

marcmengel commented 4 months ago

This is implemented in #24