Skip to content
This repository was archived by the owner on May 23, 2022. It is now read-only.

Commit 1723054

Browse files
matyasselmecimatyasselmeci
committed
Help link, references, and a short debugging section
1 parent 02eecef commit 1723054

File tree

1 file changed

+45
-0
lines changed

1 file changed

+45
-0
lines changed

docs/security/tokens/overview.md

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,3 +201,48 @@ The following collaborations support support file transfer using WebDAV or XRoot
201201
| IceCube | Undergoing testing |
202202
| LIGO | Undergoing testing |
203203
| OSG | N/A |
204+
205+
206+
Debugging Tokens
207+
----------------
208+
209+
Validating a token:
210+
211+
A token must be a _one-line_ string consisting of 3 base64-encoded parts separated by periods (`.`).
212+
You can use the tools in the `scitokens-cpp` RPM to validate a SciToken or WLCG token.
213+
214+
- Run `scitokens-verify <TOKEN>` (where `<TOKEN>` is the text of the token) to validate the token using the issuer.
215+
216+
- Run `scitokens-list-access <TOKEN> <ISSUER> <AUDIENCE>` (where `<TOKEN>` is the text of the token,
217+
`<ISSUER>` is the issuer to verify the token with,
218+
and `<AUDIENCE>` is the server you are using the token to access).
219+
220+
Examining a token:
221+
222+
- Online: paste the token into <https://jwt.io>.
223+
224+
- Offline:
225+
1. Write the token to a file named `tok`.
226+
2. Run `IFS=. read header payload signature < tok`.
227+
3. Run `echo $header | base64 -d` to examine the header.
228+
Run `echo $payload | base64 -d` to examine the payload.
229+
Note: the header or payload may be missing the final padding characters (up to 2 `=` characters);
230+
adding them (e.g. `echo $payload== | base64 -d`) should make base64 stop complaining about "invalid input" or "truncated input".
231+
232+
233+
234+
Help
235+
----
236+
237+
To get assistance, please use the [this page](https://opensciencegrid.org/docs/common/help/).
238+
239+
240+
References and Links
241+
--------------------
242+
243+
- [OSG Technology - Collaborations and Bearer Tokens](https://opensciencegrid.org/technology/policy/collab-bearer-tokens/)
244+
- [JSON Web Tokens](https://jwt.io) - includes token decoder
245+
- [SciTokens](https://scitokens.org)
246+
- [SciToken Claims and Scopes Language](https://scitokens.org/technical_docs/Claims)
247+
- [SciTokens Demo](https://demo.scitokens.org/) - includes token generator, verifier, and links to libraries
248+
- [WLCG Common JWT Profiles](https://github.com/WLCG-AuthZ-WG/common-jwt-profile/blob/master/profile.md)

0 commit comments

Comments
 (0)