Globus Connect Server User Credentials Box Create
Description
The globus-connect-server user-credentials box-create command creates a credential to use to access data on collections created on the Box storage gateway indicated by the STORAGE_GATEWAY_ID argument.
This command will only work on Box storage gateways which do not use enterprise credentials. These are created with the --box-client-id and --box-client-secret command-line options.
This command has a single required parameter, --globus-identity, which can be used to specify either the value of the username or id properties of an identity document.
By default, this command assumes that an identity mapping exists which maps
the requested globus identity to its username. For example, the identity in
the given identity document maps to the username field user@example.org
:
{
"email": "user@example.org",
"id": "ac63b982-d7c3-4b09-abe7-63766ff8f534",
"identity_provider": "c523cb22-3f79-4964-91c0-9b4a13ff6b9f",
"identity_type": "login",
"name": "Joe User",
"organization": "Example",
"status": "used",
"username": "user@example.org"
}
To override this, use the --mapped-user command-line option. Note that the credential can only be created if the identity mapping is valid for that storage gateway and the caller has permissions to create the credential.
This command will output a URL which the caller must log into using a web browser to create the authorization code that the endpoint can use to obtain a token to access the caller’s box storage. Once the GCS Manager obtains the token, it will display a success web page in the browser used to authenticate.
Options
- -h, --help
-
Show help message and exit.
- --version
-
Show the version and exit.
- --globus-identity [UUID|USERNAME]
-
Globus identity id or username id to associate the credential with
- --mapped-user USERNAME
-
GCSv5 mapped identity username. If not provided, defaults to the Globus identity username
- --use-explicit-host IP_ADDRESS
-
IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.
Example
This example initiates the box authentication flow to generate a token for the endpoint.
globus-connect-server user-credentials box-create --globus-identity user@example.org To complete credential creation, visit https://account.box.com/api/oauth2/authorize?client_id=CLIENT&redirect_uri=https%3A%2F%2Fdata.example.org%2Fapi%2Fv1%2Fauthcallback&scope=root_readwrite&access_type=offline&response_type=code&state=JWT_DATA&box_login=user%40example.org