Globus Connect Server Administration Guides
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
Skip to main content
Globus Docs
  • APIs
    Auth Flows Groups Search Timers Transfer Globus Connect Server Compute Helper Pages
  • Applications
    Globus Connect Personal Globus Connect Server Premium Storage Connectors Compute Command Line Interface Python SDK JavaScript SDK
  • Guides
  • Support
    FAQs Mailing Lists Contact Us Check Support Tickets
  1. Home
  2. Globus Connect Server
  3. v5.4
  4. Command-Line Reference
  5. User Credentials
  6. OAuth Create

Globus Connect Server User Credentials OAuth Create

Name

globus-connect-server user-credentials oauth-create - Create OAuth2 user credential

Synopsis

globus-connect-server user-credentials oauth-create STORAGE_GATEWAY_ID [OPTIONS]…​

Description

The globus-connect-server user-credentials oauth-create command creates a OAuth2 based credential to use to access data on collections created on the storage gateway indicated by the STORAGE_GATEWAY_ID argument.

This command will only work on storage gateways configured to use OAuth2 user credentials with the Azure Blob, Box, Dropbox, Google Drive, Google Cloud Storage, and OneDrive connectors. This command is not supported with the Azure Blob, Box, or Google Cloud Storage connectors when configured with enterprise or service mode credentials.

This command has a single required parameter, --globus-identity, which can be used to specify either the value of the username or id properties of an identity document.

By default, this command assumes that an identity mapping exists which maps the requested globus identity to its username. For example, the identity in the given identity document maps to the username field user@example.org:

{
  "email": "user@example.org",
  "id": "ac63b982-d7c3-4b09-abe7-63766ff8f534",
  "identity_provider": "c523cb22-3f79-4964-91c0-9b4a13ff6b9f",
  "identity_type": "login",
  "name": "Joe User",
  "organization": "Example",
  "status": "used",
  "username": "user@example.org"
}

To override this, use the --mapped-user command-line option. Note that the credential can only be created if the identity mapping is valid for that storage gateway and the caller has permissions to create the credential.

This command will output a URL which the caller must log into using a web browser to create the authorization code that the endpoint can use to obtain a token to access the caller’s cloud storage. Once the GCS Manager obtains the token, it will display a success web page in the browser used to authenticate.

Options

-h, --help

Show help message and exit.

--version

Show the version and exit.

--globus-identity [UUID|USERNAME]

Globus identity id or username id to associate the credential with

--mapped-user USERNAME

GCSv5 mapped identity username. If not provided, defaults to the Globus identity username

--use-explicit-host IP_ADDRESS

IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.

Example

This example initiates an authentication flow with Box.com to request credentials for a Box storage-gateway with id 68556821-8fe5-4075-819b-9d93de39077f.

globus-connect-server user-credentials oauth-create 68556821-8fe5-4075-819b-9d93de39077f --globus-identity user@example.org
To complete credential creation, visit
https://account.box.com/api/oauth2/authorize?client_id=CLIENT&redirect_uri=https%3A%2F%2Fdata.example.org%2Fapi%2Fv1%2Fauthcallback&scope=root_readwrite&access_type=offline&response_type=code&state=JWT_DATA&box_login=user%40example.org
  • Quickstart Guide
  • Installation Guide
  • Data Access Admin Guide
  • Domain Guide
  • HTTPS Access to Collections
  • Identity Mapping Admin Guide
  • Globus OIDC Installation Guide
  • Troubleshooting Guide
  • Command-Line Reference
    • Command summary
    • Audit
      • Load
      • Query
      • Dump
    • Endpoint
      • Setup
      • Show
      • Update
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription ID
      • Cleanup
      • Key Convert
      • Domain
      • Role
      • Upgrade
    • OIDC
      • Create
      • Delete
      • Register
      • Show
      • Update
    • Node
      • Create
      • Disable
      • Enable
      • New Secret
      • Setup
      • List
      • Show
      • Update
      • Cleanup
      • Delete
    • Login
    • Session
      • Consent
      • Show
      • Update
    • Whoami
    • Logout
    • Storage Gateway
      • Create
      • List
      • Show
      • Update
      • Delete
    • Collection
      • Create
      • List
      • Show
      • Batch Delete
      • Reset Advertised Owner String
      • Set Advertised Owner String
      • Set Owner
      • Set Subscription Admin Verified Collection Property
      • Update
      • Delete
      • Domain
      • Check
      • Role
    • Auth Policy
      • Create
      • List
      • Show
      • Update
      • Delete
    • Sharing Policy
      • Create
      • List
      • Show
      • Delete
    • User Credentials
      • Activescale Create
      • OAuth Create
      • Delete
      • List
      • S3 Create
      • S3 Keys Add
      • S3 Keys Delete
      • S3 Keys Update
    • Self Diagnostic
  • Globus Connect Server Manager API
    • Authorization
    • Versioning
    • Endpoint
    • Roles
    • Nodes
    • Storage Gateways
    • Collections
    • User Credentials
    • Domains
    • Sharing Policies
  • API Access for Portals
  • Automated Endpoint Deployment
  • Data Access Application Guide
  • Application Migration Guide
  • Change Log
© 2010- The University of Chicago Legal Privacy Accessibility