When using ZTN to pass the scitoken, the token reaches `XrdAccSciTokens::Validate()` as expected. However, a later call to `XrdAccSciTokens::Access()` fails.
https://github.com/xrootd/xrootd/blob/10d27966ce0a6637e988df5a7c43bdaad7d09b24/src/XrdSciTokens/XrdSciTokensAccess.cc#L312-L314
`Access()` expects to find the token with `env->Get("authz")` which I believe is only true for HTTPS.
With the current flow, it seems `Validate()` does a `scitoken_deserialize()` to process the token, and leaves ACLs to `Access()`. Then `Access()` generates ACLs, and puts them into a cache (keyed by the JWT).
As for possible solutions, the token could be stored in `Validate()` (which seems like something to avoid). Or we could refactor to instead generate the ACLs in `Validate()`.
--
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1584
You are receiving this because you are subscribed to this thread.
Message ID: <[log in to unmask]>
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
