Skip to content

Client token selection logic ignores Scitokens JWTs #2130

New issue
New issue
Open
Bug
#2223
Open
Client token selection logic ignores Scitokens JWTs#2130
Bug
#2223
Labels
bugSomething isn't workingclientIssue affecting the OSDF clientcreate-patchcriticalHigh priority for next releasepluginIssue affecting the file transfer plugin
Milestone
 
v7.17
@brianhlin

Description

@brianhlin
brianhlin
opened on Mar 21, 2025

Pelican Version:

7.14.1

Pelican Service:

  • Client
  • Plugin
  • Registry
  • Director
  • Origin
  • Cache
  • Other (please give the detail)

Describe the bug
When Pelican is presented with multiple SciTokens, it cannot find the correct one because it deems non-WLCG tokens as unacceptable (https://github.com/PelicanPlatform/pelican/blob/main/client/acquire_token.go#L441-L444). The client may get lucky picking the correct token if it's named scitokens.use or in the absence of a scitokens.use, whatever token comes first in the filepath.Walk (https://github.com/PelicanPlatform/pelican/blob/main/client/acquire_token.go#L201).

To Reproduce
Generate a JWT with ver: "scitokens:2.0" and pass it to pelican object get -d -t <path to token>. You should always get a warning:

Using provided token even though it does not appear to be acceptable to perform transfer

Expected behavior
I expect Pelican to be able to perform the same acceptability checks (e.g., scope + path comparisons) for SciTokens as it does for WLCG tokens

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingclientIssue affecting the OSDF clientcreate-patchcriticalHigh priority for next releasepluginIssue affecting the file transfer plugin

    Type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions