igwn-auth-utils falls over with InvalidAuthorizationResource when token scope includes colon and relative path
find_token
errors when inspecting tokens with a claim like igwn.robot:read-cvmfs-emfollow-test
:
$ python3 -c "from igwn_auth_utils.scitokens import find_token; find_token('LIGO', 'read:/ligo')"
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.6/site-packages/igwn_auth_utils/scitokens.py", line 277, in find_token
timeleft=timeleft,
File "/usr/lib/python3.6/site-packages/igwn_auth_utils/scitokens.py", line 101, in is_valid_token
return enforcer.test(token, authz, path=path)
File "/usr/lib/python3.6/site-packages/scitokens/scitokens.py", line 555, in test
self._validator.validate(token, critical_claims=critical_claims)
File "/usr/lib/python3.6/site-packages/scitokens/scitokens.py", line 439, in validate
if not validator(value):
File "/usr/lib/python3.6/site-packages/scitokens/scitokens.py", line 708, in _validate_scope
authz, norm_path = self._check_scope(scope)
File "/usr/lib/python3.6/site-packages/scitokens/scitokens.py", line 673, in _check_scope
raise InvalidAuthorizationResource("Token contains a relative path in scope")
scitokens.scitokens.InvalidAuthorizationResource: Token contains a relative path in scope
See Draft: Add enviroment variable to read scitoken... (emfollow/gwcelery!1341 - closed)
Edited by Duncan Macleod