Globus Connect Server User Credentials OAuth Create

Name

globus-connect-server user-credentials oauth-create - Create OAuth2 user credential

Synopsis

globus-connect-server user-credentials oauth-create STORAGE_GATEWAY_ID [OPTIONS]…

Description

The globus-connect-server user-credentials oauth-create command creates a OAuth2 based credential to use to access data on collections created on the storage gateway indicated by the STORAGE_GATEWAY_ID argument.

This command will only work on storage gateways configured to use OAuth2 user credentials with the Azure Blob, Box, Dropbox, Google Drive, Google Cloud Storage, and OneDrive connectors. This command is not supported with the Azure Blob, Box, or Google Cloud Storage connectors when configured with enterprise or service mode credentials.

This command has a single required parameter, --globus-identity, which can be used to specify either the value of the username or id properties of an identity document.

By default, this command assumes that an identity mapping exists which maps the requested globus identity to its username. For example, the identity in the given identity document maps to the username field user@example.org:

{
  "email": "user@example.org",
  "id": "ac63b982-d7c3-4b09-abe7-63766ff8f534",
  "identity_provider": "c523cb22-3f79-4964-91c0-9b4a13ff6b9f",
  "identity_type": "login",
  "name": "Joe User",
  "organization": "Example",
  "status": "used",
  "username": "user@example.org"
}

To override this, use the --mapped-user command-line option. Note that the credential can only be created if the identity mapping is valid for that storage gateway and the caller has permissions to create the credential.

This command will output a URL which the caller must log into using a web browser to create the authorization code that the endpoint can use to obtain a token to access the caller’s cloud storage. Once the GCS Manager obtains the token, it will display a success web page in the browser used to authenticate.

Options

-h, --help: Show help message and exit.
--version: Show the version and exit.
--globus-identity [UUID|USERNAME]: Globus identity id or username id to associate the credential with
--mapped-user USERNAME: GCSv5 mapped identity username. If not provided, defaults to the Globus identity username
--use-explicit-host IP_ADDRESS: IP address of the GCS node to use for this request. If not specified, any available GCS node in the endpoint will be used.

Example

This example initiates an authentication flow with Box.com to request credentials for a Box storage-gateway with id 68556821-8fe5-4075-819b-9d93de39077f.

globus-connect-server user-credentials oauth-create 68556821-8fe5-4075-819b-9d93de39077f --globus-identity user@example.org
To complete credential creation, visit
https://account.box.com/api/oauth2/authorize?client_id=CLIENT&redirect_uri=https%3A%2F%2Fdata.example.org%2Fapi%2Fv1%2Fauthcallback&scope=root_readwrite&access_type=offline&response_type=code&state=JWT_DATA&box_login=user%40example.org