Working with SciTokens

SciTokens are a specific implementation of JSON Web Token that are used by IGWN to authorise access to resources.

Each SciToken declares a number of claims that describe the resources that the bearer of the token is authorised to access; each service that accepts SciTokens validates the token (that it was issued by a supported token issuer) and grants or denies access for that request based entirely on the presented claims.

API

igwn_auth_utils provides the following methods for interacting with SciTokens:

find_scitoken(audience, scope[, issuer, ...])	Find and load a SciToken for the given audience and scope.
get_scitoken(*args[, outfile, minsecs, quiet])	Get a new SciToken using htgettoken and return its file location.
scitoken_authorization_header(token[, scheme])	Format an in-memory token for use in an HTTP Authorization Header.

Enable/disable automatic discovery

Automatic discovery of SciTokens when making requests can be enabled or disabled from the environment, see IGWN_AUTH_UTILS_FIND_SCITOKEN.