Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: add support for audience claim in role config #23

Open
rdt12 opened this issue Nov 4, 2021 · 1 comment
Open

Feature request: add support for audience claim in role config #23

rdt12 opened this issue Nov 4, 2021 · 1 comment

Comments

@rdt12
Copy link

rdt12 commented Nov 4, 2021

Hi Dave,

This was discussed in #ligo-scitokens on the OSG slack. I'm adding it here so it isn't forgotten.

I think it would be very useful to be able to restrict the audience as well as the scope when defining a role. It seems like this could be implemented by setting token_url_params in the role config.

Thanks, Ron

@DrDaveD
Copy link
Contributor

DrDaveD commented Dec 9, 2021

I'm not convinced that a role should define an audience. Audiences are intended to distinguish between different servers for very similar services, and roles probably should be associated with a service. I think that if it's actually a different service that you're trying to distinguish between that it makes more sense to associate that with different scopes, and roles already map to scopes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants