Bug #17610

closed

[API] Federated token scopes are not obeyed if scopes include "GET .../users/current"

Added by Tom Clegg over 3 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Normal
Assigned To:
Category: -
Target version:
Story points: -
Release relationship: Auto

Subtasks 1 (0 open, 1 closed)

Task #17611: Review 17610-remote-token-scopes | Resolved | Tom Clegg | 05/03/2021

Related issues

Blocks Arvados - Idea #17512: Release Arvados 2.2 | Resolved | Peter Amstutz | 05/03/2021

Actions #1

Updated by Tom Clegg over 3 years ago

  • Target version set to 2021-05-12 sprint
  • Assigned To set to Tom Clegg
  • Status changed from New to In Progress
Actions #2

Updated by Tom Clegg over 3 years ago

Previously, in order for a token to work at a remote cluster, it had to include "GET /arvados/v1/users/current" in scopes.

Now it also has to include "GET /arvados/v1/api_client_authorizations/current".

This allows the remote cluster to obey its scopes and expiry time.

The new behavior only takes effect when both the token-checking cluster and the token-issuing cluster have been upgraded.

17610-remote-token-scopes @ 89fa46a357a5d5fc39721a3ddbe8e857a101eeef -- developer-run-tests: #2448
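
The requirement described in the comment above can be turned into a triage of existing scoped tokens: which ones worked at remote clusters before but will stop once both clusters are upgraded. This is an added example, not part of the original comment and not Arvados code; the scope-matching rule ("all" and trailing-slash prefixes), the function names and the sample tokens are assumptions.

```python
# Added illustration, not Arvados code: triage scoped tokens against the
# remote-cluster requirement described in the comment above.
USERS_CURRENT = "GET /arvados/v1/users/current"
AUTH_CURRENT = "GET /arvados/v1/api_client_authorizations/current"

def scope_allows(scope, request):
    # ASSUMPTION (not stated on this page): "all" permits every request, and
    # a scope ending in "/" matches any request string that starts with it.
    # Otherwise the scope must equal the "METHOD path" request exactly.
    if scope == "all" or scope == request:
        return True
    return scope.endswith("/") and request.startswith(scope)

def allowed(scopes, request):
    return any(scope_allows(s, request) for s in scopes)

def classify(scopes):
    """Classify one token's scope list for use at a remote cluster.

    "ok"              meets the old and the new requirement
    "stops_working"   met the old requirement only; fails once both the
                      issuing and the checking cluster are upgraded
    "already_failing" never met the old requirement
    """
    if not allowed(scopes, USERS_CURRENT):
        return "already_failing"
    if not allowed(scopes, AUTH_CURRENT):
        return "stops_working"
    return "ok"

def needs_reissue(tokens):
    """Return labels of tokens that worked remotely before but will not now."""
    return sorted(k for k, s in tokens.items() if classify(s) == "stops_working")

# Constructed sample inventory (labels and scope lists are made up).
SAMPLE_TOKENS = {
    "unscoped": ["all"],
    "reader-old": [USERS_CURRENT, "GET /arvados/v1/collections/"],
    "reader-new": [USERS_CURRENT, AUTH_CURRENT, "GET /arvados/v1/collections/"],
    "prefix": ["GET /arvados/v1/users/", "GET /arvados/v1/api_client_authorizations/"],
    "local-only": ["GET /arvados/v1/collections/"],
}

if __name__ == "__main__":
    for label, scopes in SAMPLE_TOKENS.items():
        print(f"{label:12} {classify(scopes)}")
    print("re-issue:", needs_reissue(SAMPLE_TOKENS))
```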

Actions #3

Updated by Ward Vandewege over 3 years ago

Actions #4

Updated by Ward Vandewege over 3 years ago

Tom Clegg wrote:

> Previously, in order for a token to work at a remote cluster, it had to include "GET /arvados/v1/users/current" in scopes.
>
> Now it also has to include "GET /arvados/v1/api_client_authorizations/current".
>
> This allows the remote cluster to obey its scopes and expiry time.
>
> The new behavior only takes effect when both the token-checking cluster and the token-issuing cluster have been upgraded.
>
> 17610-remote-token-scopes @ 89fa46a357a5d5fc39721a3ddbe8e857a101eeef -- developer-run-tests: #2448

Thanks, this LGTM!

Actions #5

Updated by Tom Clegg over 3 years ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved
Actions #6

Updated by Peter Amstutz over 3 years ago

  • Release set to 38