Re: [HTCondor-users] output file transfer using oauth token

Mailing List Archives Authenticated access	UW Madison Computer Sciences Department Computer Systems Lab

From: Todd Tannenbaum <tannenba@xxxxxxxxxxx>
Sent: Thursday, October 27, 2022 5:00 PM
To: Kevin Retzke via HTCondor-users <htcondor-users@xxxxxxxxxxx>
Cc: Dave Dykstra <dwd@xxxxxxxx>; Kevin Retzke <kretzke@xxxxxxxx>
Subject: Re: [HTCondor-users] output file transfer using oauth token

On 10/27/2022 3:14 PM, Kevin Retzke via HTCondor-users wrote:

I'm trying to have a job upload output to dcache over https, authenticating with a scitoken. In my submit file I have:

use_oauth_services = dune
output_destination = dune+https://example.com/foo/bar

Condor does send the token at $_CONDOR_CREDS/dune.use, but this file only contains the encoded token itself, which we expect in order to use the token in the job. However, uploading output fails with "Unable to parse token as JSON", since the file transfer plugin expects the dune.use file to be JSON with the token under the "access_token" field. https://github.com/htcondor/htcondor/blob/main/src/condor_filetransfer_plugins/multifile_curl_plugin.cpp#L131

Is this a bug in the file transfer plugin, or can I just not use the oauth token like that? The documentation suggests it should work in https://htcondor.readthedocs.io/en/latest/users-manual/file-transfer.html#file-transfer-using-a-url

condor 9.0.16 on the schedd

Thanks,

Kevin

Hi Kevin,

Thank you for the detailed report and your nice (source code) investigative work above!

Question: what issued you the scitoken? was it Vault? a local issuer? or?

Initial thinking here the .use file, if created by the oauth2 credmon, is JSON. But if it is the Vault credmon instead, then... looks like it is raw. Just want to confirm what you are using before we decide how to go about fixing it.

Thanks
Todd

Mailing List Archives

Authenticated access

Re: [HTCondor-users] output file transfer using oauth token