Created
March 24, 2022 15:47
-
-
Save NickolausDS/98bc6e55276542acbb70f94da07fea9f to your computer and use it in GitHub Desktop.
Making a Globus App a Resource Server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This is a script to create a new Globus Scope for an existing Globus | |
# App. This script only needs to be run once, after that the scope will | |
# exist for the lifetime of the app or until it is deleted. | |
# | |
# You can create a new Globus App at https://developers.globus.org/ | |
# Detailed documentation about the API class below can be found here: | |
# https://docs.globus.org/api/auth/reference/#clients_and_scopes_api | |
# You need to set the following before running this script! | |
# export CLIENT_ID=<client_id> | |
# export CLIENT_SECRET=<client_secret> | |
# Here is the dependent scope we want the service to access on behalf of the | |
# user. The scope ID is already hardcoded in the CUSTOM_SCOPE below, but we | |
# will also demonstrate doing a lookup using the scrope string here. | |
SCOPE_STRING=urn:globus:auth:scope:transfer.api.globus.org:all | |
# https://docs.globus.org/api/auth/reference/#create_scope | |
CUSTOM_SCOPE='{ | |
"scope": { | |
"name": "GenePattern Transfer", | |
"description": "Transfer to and from GenePattern Collections", | |
"scope_suffix": "genepattern_transfer", | |
"dependent_scopes": [ | |
{ | |
"optional": false, | |
"requires_refresh_token": true, | |
"scope": "80fa5a88-ae26-4db7-be3a-c5f4cf4ac8d2" | |
} | |
], | |
"advertised": true, | |
"allow_refresh_tokens": true | |
} | |
}' | |
# Show info about the current app | |
echo "Fetching Current Globus App information" | |
curl -s --user $CLIENT_ID:$CLIENT_SECRET \ | |
https://auth.globus.org/v2/api/clients/$CLIENT_ID | jq | |
# Show information about the dependent scope being set above | |
echo "Fetching the scope id for Globus Transfer. This should match the dependent scope being set on CUSTOM_SCOPE" | |
curl -s -u "$CLIENT_ID:$CLIENT_SECRET" \ | |
"https://auth.globus.org/v2/api/scopes?scope_strings=$SCOPE_STRING" | jq ".scopes[0].id" | |
# Create a new scope with a dependent scope | |
echo "Creating new scope..." | |
curl -s --user "$CLIENT_ID:$CLIENT_SECRET" -H \ | |
'Content-Type: application/json' \ | |
-XPOST https://auth.globus.org/v2/api/clients/$CLIENT_ID/scopes \ | |
-d "$CUSTOM_SCOPE" | jq | |
# Show info about the current app | |
echo "Fetching Current Globus App information" | |
NEW_SCOPE_ID=`curl -s --user $CLIENT_ID:$CLIENT_SECRET \ | |
https://auth.globus.org/v2/api/clients/$CLIENT_ID | jq -r ".client.scopes[0]"` | |
curl -s --user $CLIENT_ID:$CLIENT_SECRET \ | |
https://auth.globus.org/v2/api/clients/$CLIENT_ID/scopes/$NEW_SCOPE_ID | jq | |
echo "Users can login with the 'scope_string' defined above" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment