Skip to content

Instantly share code, notes, and snippets.

@NickolausDS
Created March 24, 2022 15:47
Show Gist options
  • Save NickolausDS/98bc6e55276542acbb70f94da07fea9f to your computer and use it in GitHub Desktop.
Save NickolausDS/98bc6e55276542acbb70f94da07fea9f to your computer and use it in GitHub Desktop.
Making a Globus App a Resource Server
# This is a script to create a new Globus Scope for an existing Globus
# App. This script only needs to be run once, after that the scope will
# exist for the lifetime of the app or until it is deleted.
#
# You can create a new Globus App at https://developers.globus.org/
# Detailed documentation about the API class below can be found here:
# https://docs.globus.org/api/auth/reference/#clients_and_scopes_api
# You need to set the following before running this script!
# export CLIENT_ID=<client_id>
# export CLIENT_SECRET=<client_secret>
# Here is the dependent scope we want the service to access on behalf of the
# user. The scope ID is already hardcoded in the CUSTOM_SCOPE below, but we
# will also demonstrate doing a lookup using the scrope string here.
SCOPE_STRING=urn:globus:auth:scope:transfer.api.globus.org:all
# https://docs.globus.org/api/auth/reference/#create_scope
CUSTOM_SCOPE='{
"scope": {
"name": "GenePattern Transfer",
"description": "Transfer to and from GenePattern Collections",
"scope_suffix": "genepattern_transfer",
"dependent_scopes": [
{
"optional": false,
"requires_refresh_token": true,
"scope": "80fa5a88-ae26-4db7-be3a-c5f4cf4ac8d2"
}
],
"advertised": true,
"allow_refresh_tokens": true
}
}'
# Show info about the current app
echo "Fetching Current Globus App information"
curl -s --user $CLIENT_ID:$CLIENT_SECRET \
https://auth.globus.org/v2/api/clients/$CLIENT_ID | jq
# Show information about the dependent scope being set above
echo "Fetching the scope id for Globus Transfer. This should match the dependent scope being set on CUSTOM_SCOPE"
curl -s -u "$CLIENT_ID:$CLIENT_SECRET" \
"https://auth.globus.org/v2/api/scopes?scope_strings=$SCOPE_STRING" | jq ".scopes[0].id"
# Create a new scope with a dependent scope
echo "Creating new scope..."
curl -s --user "$CLIENT_ID:$CLIENT_SECRET" -H \
'Content-Type: application/json' \
-XPOST https://auth.globus.org/v2/api/clients/$CLIENT_ID/scopes \
-d "$CUSTOM_SCOPE" | jq
# Show info about the current app
echo "Fetching Current Globus App information"
NEW_SCOPE_ID=`curl -s --user $CLIENT_ID:$CLIENT_SECRET \
https://auth.globus.org/v2/api/clients/$CLIENT_ID | jq -r ".client.scopes[0]"`
curl -s --user $CLIENT_ID:$CLIENT_SECRET \
https://auth.globus.org/v2/api/clients/$CLIENT_ID/scopes/$NEW_SCOPE_ID | jq
echo "Users can login with the 'scope_string' defined above"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment