When the mapping is successful but the scope authz failed the chained authz plugin is called without the mapping info. I am referring to the following line: https://github.com/xrootd/xrootd/blob/master/src/XrdSciTokens/XrdSciTokensAccess.cc#L408 How is the chained authz plugin expected to extract the mapping information from a token that it might not be able to decode? It would help if the new `username` that is now populating the `Entity->eaAPI[request.name]` should also be set for the `new_secentity` that is passed to the `OnMissing` call. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1569 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1