Unverified Commit 0b7d7070 authored by Duncan Macleod's avatar Duncan Macleod

LDBDWAuth: support multiple scitoken issuers

and add igwn-test and CIT local issuer to list of supported issuers
parent 2f449cef
Pipeline #598469 passed
......@@ -65,7 +65,11 @@ class ConstantsHandle():
########################
# SciTokens constants #
######################
scitokens_issuer = 'https://cilogon.org/igwn'
scitokens_issuer = [
'https://cilogon.org/igwn',
'https://test.cilogon.org/igwn',
'https://osdf.igwn.org/cit',
]
scitokens_audience = 'https://segments.ligo.org'
scitokens_cache_dir = '/var/cache/httpd'
......
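Review bot: `'https://test.cilogon.org/igwn'` is now in the default list of trusted issuers, so a token from the test issuer carrying the audience `https://segments.ligo.org` would pass the same issuer check as a production token. Whether this constants class is shared by production deployments is not visible from the hunk; if it is, the test issuer should be enabled per deployment rather than by default. At minimum I would add a comment above the list, e.g. `# Every issuer listed here is trusted to mint tokens for scitokens_audience; review before adding test or site-local issuers.` The attribute also keeps its singular name while now holding a list; `scitokens_issuers` would read better, though the rename also touches the caller in the authorization module. The body of `ConstantsHandle` continues outside the hunk.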
......@@ -219,12 +219,23 @@ class GridmapAuthorization:
# Return.
return r
class MultiIssuerEnforcer(scitokens.Enforcer):
def __init__(self, issuer, **kwargs):
if not isinstance(issuer, (tuple, list)):
issuer = [issuer]
super().__init__(issuer, **kwargs)
def _validate_iss(self, value):
return value in self._issuer
class SciTokensAuthorization():
def __init__(self):
self.admin = Admin.AdminHandle()
self.constant = Constants.ConstantsHandle()
os.environ['XDG_CACHE_HOME'] = self.constant.scitokens_cache_dir
self.token_enforcer = scitokens.Enforcer(self.constant.scitokens_issuer, audience=self.constant.scitokens_audience)
self.token_enforcer = MultiIssuerEnforcer(self.constant.scitokens_issuer, audience=self.constant.scitokens_audience)
def check_authorization_scitoken(self, environ, req_method, full_uri, authorise):
"""Check authorization with a Bearer token.
......
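Review bot: `MultiIssuerEnforcer` relies on two private members of `scitokens.Enforcer`, the `_validate_iss` hook and the `_issuer` attribute, and nothing in the class documents this. If a later scitokens release renames or re-registers that hook, the override may no longer be the check that runs, and the page shows no test that pins the behaviour. I would add a class docstring such as `"""Enforcer that accepts a token whose iss claim exactly equals one of the configured issuers."""`, a comment on `_validate_iss` stating that it overrides a private upstream method, and a unit test asserting that a token from an unlisted issuer is rejected. It would also be safer to reject an empty issuer list explicitly in `__init__`, e.g. `if not issuer: raise ValueError("at least one issuer is required")`, rather than depend on how the base class treats it. `SciTokensAuthorization` continues outside the hunk.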