You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This was discussed in #ligo-scitokens on the OSG slack. I'm adding it here so it isn't forgotten.
I think it would be very useful to be able to restrict the audience as well as the scope when defining a role. It seems like this could be implemented by setting token_url_params in the role config.
Thanks, Ron
The text was updated successfully, but these errors were encountered:
I'm not convinced that a role should define an audience. Audiences are intended to distinguish between different servers for very similar services, and roles probably should be associated with a service. I think that if it's actually a different service that you're trying to distinguish between that it makes more sense to associate that with different scopes, and roles already map to scopes.
Hi Dave,
This was discussed in #ligo-scitokens on the OSG slack. I'm adding it here so it isn't forgotten.
I think it would be very useful to be able to restrict the audience as well as the scope when defining a role. It seems like this could be implemented by setting token_url_params in the role config.
Thanks, Ron
The text was updated successfully, but these errors were encountered: