You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Trying to authorize a client with oauth-ssh-token through Globus with the command (where client-id is the uuid of the "client secrets" generated from an app registration):
oauth-ssh-token authorize hostnaname.foo.com --identity [email protected] --client-id 1234567-12334-1234-1234-123456789
Please go to this URL and login: https://auth.globus.org/v2/oauth2/authorize?redirect_uri=https%3A%2F%2Fauth.globus.org%2Fv2%2Fweb%2Fauth-code&client_id=48b0122345-11234-1234-1234-12345677&access_type=offline&state=_default&code_challenge=M4MUeWXiSz11uxkVKOQGQhn9d98zW9A0IQKsdfmcg7g&code_challenge_method=S256&response_type=code&scope=https%3A%2F%2Fauth.globus.org%2Fscopes%2F1234567-12334-1234-1234-123456789%2Fssh&session_message=The+SSH+service+requires+that+you+authenticate+using+this+identity%3A&session_required_identities=789876544-12345677-4318-876e-08f3d2f7138d
Please enter the code you get after login here:
I copy/paste the url into a browser, but Globus returns an error about an unknown scope:
Unknown scope(s)
Sorry, but we encountered a problem while servicing your request.
client_id=48b0122345-11234-1234-1234-12345677 requested unknown scopes: ['https://auth.globus.org/scopes/1234567-12334-1234-1234-123456789']
Occurred at time:
2023-09-22T20:56:59.557105+00:00
Error ID:
f5b5939495dc4c6cbfe585ef48b2f1fb
Error code:
UNKNOWN_SCOPE_ERROR
Looking at how scope is set in globus_auth.py,
scope = SCOPE_FORMAT.format(fqdn=fqdn)
It looks like the scope is just the fqdn passed to the command, which I think correlates to the app registration of SSH@fqdn as instructed in the server setup.
Has the scope requirements changed? Or am I now registering an app incorrectly and not creating the correct scope?
Jeff
The text was updated successfully, but these errors were encountered:
Trying to authorize a client with oauth-ssh-token through Globus with the command (where client-id is the uuid of the "client secrets" generated from an app registration):
I copy/paste the url into a browser, but Globus returns an error about an unknown scope:
Looking at how scope is set in globus_auth.py,
It looks like the scope is just the fqdn passed to the command, which I think correlates to the app registration of SSH@fqdn as instructed in the server setup.
Has the scope requirements changed? Or am I now registering an app incorrectly and not creating the correct scope?
Jeff
The text was updated successfully, but these errors were encountered: