When using ZTN to pass the scitoken, the token reaches `XrdAccSciTokens::Validate()` as expected. However, a later call to `XrdAccSciTokens::Access()` fails. https://github.com/xrootd/xrootd/blob/10d27966ce0a6637e988df5a7c43bdaad7d09b24/src/XrdSciTokens/XrdSciTokensAccess.cc#L312-L314 `Access()` expects to find the token with `env->Get("authz")` which I believe is only true for HTTPS. With the current flow, it seems `Validate()` does a `scitoken_deserialize()` to process the token, and leaves ACLs to `Access()`. Then `Access()` generates ACLs, and puts them into a cache (keyed by the JWT). As for possible solutions, the token could be stored in `Validate()` (which seems like something to avoid). Or we could refactor to instead generate the ACLs in `Validate()`. -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1584 You are receiving this because you are subscribed to this thread. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1