Print

Print

:) @alrossi - Well I'm really happy I brought it up then!

I think it comes down to whether-or-not the client should be changed to append the token to the CGI for all requests. This seems ... well, complex to be honest. The CGI should be inserted at all call points if and only if the user didn't override the authz setting and ZTN module was used for authentication - and the logic would need to be duplicated for token discovery (or a new API between the client and the ZTN module added).

I can talk myself into saying @alrossi was right the first time and this should be used as a session token and allow the client to override it if desired.


Reply to this email directly, view it on GitHub, or unsubscribe.
Triage notifications on the go with GitHub Mobile for iOS or Android.
You are receiving this because you commented.Message ID: <xrootd/xrootd/issues/1584/1035122753@github.com>

[ { "@context": "http://schema.org", "@type": "EmailMessage", "potentialAction": { "@type": "ViewAction", "target": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1035122753", "url": "https://github.com/xrootd/xrootd/issues/1584#issuecomment-1035122753", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { "@type": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

Use REPLY-ALL to reply to list

To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1