Commit fa7ba6de authored by Carles Garcia Cabot

Merge branch 'FTS-1670' into 'develop'

Add wlcg.groups scope when exchanging a token

Closes FTS-1670

See merge request !44
parents 5c1c5b0a 4dca1e75
Pipeline #1944739 failed with stage
in 24 seconds
...@@ -220,10 +220,13 @@ class FTS3OAuth2ResourceProvider(ResourceProvider): ...@@ -220,10 +220,13 @@ class FTS3OAuth2ResourceProvider(ResourceProvider):
try: try:
if 'wlcg' in credential['iss']: if 'wlcg' in credential['iss']:
# Hardcoded scope and audience for wlcg tokens. To change once the wlcg standard evolves # Hardcoded scope and audience for wlcg tokens. To change once the wlcg standard evolves
scope = 'offline_access openid storage.read:/ storage.modify:/' scope = 'offline_access openid storage.read:/ storage.modify:/ wlcg.groups'
audience = 'https://wlcg.cern.ch/jwt/v1/any' audience = 'https://wlcg.cern.ch/jwt/v1/any'
access_token, refresh_token = oidc_manager.generate_token_with_scope(credential['iss'], access_token, refresh_token = oidc_manager.generate_token_with_scope(credential['iss'],
access_token, scope, audience) access_token,
scope,
audience,
)
else: else:
refresh_token = oidc_manager.generate_refresh_token(credential['iss'], access_token) refresh_token = oidc_manager.generate_refresh_token(credential['iss'], access_token)
except Exception: except Exception:
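Review bot: The scope string in the `'wlcg' in credential['iss']` branch now requests `wlcg.groups` on top of `offline_access`, `storage.read:/`, `storage.modify:/` and the `https://wlcg.cern.ch/jwt/v1/any` audience, so unless the issuer narrows the request, every exchanged access and refresh token is asked for at root path, any audience and with group claims. Nothing in the hunk records why group claims are needed; I would add a comment next to the scope such as `# wlcg.groups: <reason group claims are needed downstream>` and consider reading the scope and audience from configuration so a deployment can narrow them. The branch is chosen by a substring test on the issuer, which would presumably also match any issuer URL that merely contains "wlcg"; an exact comparison against the configured providers would be safer. The enclosing method starts and ends outside the hunk, so the handling under `except Exception:` is not visible here.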