No, it is precisely what I thought we were not supposed to do. Perhaps I misunderstood the discussion I had with @abh3 but the ZTN token is considered a "throw away" ... that the authorization token which appears as the opaque 'authz=' value needs to be there. I remember this because I originally implemented authorization to fallback on the ZTN token if there is no authz= and then changed it. Obviously, if the fallback is what we want, I can reimplement. -- Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/1584#issuecomment-1034948218 You are receiving this because you commented. Message ID: <[log in to unmask]> ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1