Commit 4dca1e75 authored by Carles Garcia Cabot's avatar Carles Garcia Cabot

Add wlcg.groups scope when exchanging a token

parent 5c1c5b0a
......@@ -220,10 +220,13 @@ class FTS3OAuth2ResourceProvider(ResourceProvider):
try:
if 'wlcg' in credential['iss']:
# Hardcoded scope and audience for wlcg tokens. To change once the wlcg standard evolves
scope = 'offline_access openid storage.read:/ storage.modify:/'
scope = 'offline_access openid storage.read:/ storage.modify:/ wlcg.groups'
audience = 'https://wlcg.cern.ch/jwt/v1/any'
access_token, refresh_token = oidc_manager.generate_token_with_scope(credential['iss'],
access_token, scope, audience)
access_token,
scope,
audience,
)
else:
refresh_token = oidc_manager.generate_refresh_token(credential['iss'], access_token)
except Exception:
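Review bot: The new `scope = '... wlcg.groups'` line widens a literal that was already broad. With `offline_access`, `storage.read:/`, `storage.modify:/` and the unchanged audience `https://wlcg.cern.ch/jwt/v1/any`, the exchanged token is refreshable, covers the whole namespace, is not bound to one service, and now also carries the user's group membership. The commit does not say which consumer needs the groups claim, so the comment above the scope should record it, for example `# wlcg.groups: default groups requested because <consumer that needs them>`. Scope and audience would also be better read from configuration than hardcoded, so that a deployment can narrow them. Separately, the branch is selected by the unchanged `'wlcg' in credential['iss']`, a substring test that any issuer URL containing "wlcg" satisfies; if the issuer is not already checked against an allowlist earlier in this method, which starts and ends outside the hunk, an exact comparison would be safer.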
......