# Globus /Authorization Options

This document describes the various options that are available during authorization. 

Original documentation: [Globus Auth Documentation](https://docs.globus.org/api/auth/reference/#authorization_code_grant_preferred)

## Imports and a Shared Function

In [12]:
# Imports and a shared function
import json
import globus_sdk
import os
os.environ['GLOBUS_SDK_ENVIRONMENT'] = 'test'

def authorize(params: dict, scopes: list):  
  nc = globus_sdk.NativeAppAuthClient("8e6ad92c-7a24-4d2b-933f-36d97297d36c", app_name="Sams Test 1")
  nc.oauth2_start_flow(requested_scopes=scopes)
  authorize_url = nc.oauth2_get_authorize_url(query_params = params)
  print("Please go to this URL and login: {0}".format(authorize_url))

## Scopes

In [14]:
params = {}
scopes = ['openid']
authorize(params, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid&state=_default&response_type=code&code_challenge=VA7LhoVj72mQ7sNrtwHosiooG-HFLM5HxfrT-Z37Dm8&code_challenge_method=S256&access_type=online


## Static Dependencies

We've spoken about this a lot, going to skip.

## Dynamic Dependencies

In [18]:
scopes = ['profile[urn:globus:auth:scope:groups.api.globus.org:all]']
authorize(params, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=G0aKrhiuwvoWypQspm2npPIB7J70fZ_jOdeI_BHBDtU&code_challenge_method=S256&access_type=online


In [19]:
scopes = ['openid', 
          'profile[urn:globus:auth:scope:groups.api.globus.org:all[*openid]]']
authorize(params, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=UH1QnZO593yFPkfYq48NTHDQXmnXbEW9GNuCbZiZBO4&code_challenge_method=S256&access_type=online


In [16]:
## Real-world: Transfer scope
scopes = [
    'urn:globus:auth:scope:transfer.api.globus.org:all[*https://auth.globus.org/scopes/431d5680-c754-41b6-9368-126137f88c21/data_access]',
    '*https://auth.globus.org/scopes/431d5680-c754-41b6-9368-126137f88c21/https',
    '*https://auth.globus.org/scopes/431d5680-c754-41b6-9368-126137f88c21/data_access', 
    '*urn:globus:auth:scope:1fb4fd72-c31a-483d-8f04-f795ccb3b4e0:manage_collections[*https://auth.globus.org/scopes/431d5680-c754-41b6-9368-126137f88c21/data_access]']
authorize(params, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=urn%3Aglobus%3Aauth%3Ascope%3Atransfer.api.globus.org%3Aall%5B%2Ahttps%3A%2F%2Fauth.globus.org%2Fscopes%2F431d5680-c754-41b6-9368-126137f88c21%2Fdata_access%5D+%2Ahttps%3A%2F%2Fauth.globus.org%2Fscopes%2F431d5680-c754-41b6-9368-126137f88c21%2Fhttps+%2Ahttps%3A%2F%2Fauth.globus.org%2Fscopes%2F431d5680-c754-41b6-9368-126137f88c21%2Fdata_access+%2Aurn%3Aglobus%3Aauth%3Ascope%3A1fb4fd72-c31a-483d-8f04-f795ccb3b4e0%3Amanage_collections%5B%2Ahttps%3A%2F%2Fauth.globus.org%2Fscopes%2F431d5680-c754-41b6-9368-126137f88c21%2Fdata_access%5D&state=_default&response_type=code&code_challenge=ZDnEHMsoyvzziWRTAr9Qb6TOdJFIdOGVJgj6Dluqtck&code_challenge_method=S256&access_type=online


## Authorization Options

In [17]:
scopes = ['openid profile[urn:globus:auth:scope:groups.api.globus.org:all[*openid]]']

In [4]:
## Default authorization
authorize({}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=a7ipAdPslubGTu2j_UCwedDwBfxrF6yM0mve4TsZc-Q&code_challenge_method=S256&access_type=online


In [5]:
## Force Login with prompt=login
authorize({'prompt': 'login'}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=FoYHANSjP57pgaQ1_ENovEBv0bUcoh0iZ4wEtTeynbE&code_challenge_method=S256&access_type=online&prompt=login


In [7]:
## Offline for a refresh token
authorize({'access_type': 'offline'}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=ZtZQA1J13KY8CQYiRFOhelHex2mRMoc4JeEsmuN6O_Y&code_challenge_method=S256&access_type=offline


In [8]:
## Requiring domains with session_required_single_domain
authorize({'session_required_single_domain': 'uchicago.edu,google.com'}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=0lcSbyfFy4FiS5COPHlSBMHxPGIETKJ_EOU3zpy6Id8&code_challenge_method=S256&access_type=online&session_required_single_domain=uchicago.edu%2Cgoogle.com


In [9]:
## Requiring a specific identity session with session_required_single_domain
authorize({'session_required_identities': '32493104-36fb-425b-8c46-791d592ec9df'}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=CDVoK-8xohHxS40dn5mnlTNVIUPojuZM1ALSd6DZtM8&code_challenge_method=S256&access_type=online&session_required_identities=32493104-36fb-425b-8c46-791d592ec9df


In [10]:
authorize({
  'session_required_identities': '32493104-36fb-425b-8c46-791d592ec9df',
  'session_required_mfa': 'True'}, scopes)

Please go to this URL and login: https://auth.test.globuscs.info/v2/oauth2/authorize?client_id=8e6ad92c-7a24-4d2b-933f-36d97297d36c&redirect_uri=https%3A%2F%2Fauth.test.globuscs.info%2Fv2%2Fweb%2Fauth-code&scope=openid+profile%5Burn%3Aglobus%3Aauth%3Ascope%3Agroups.api.globus.org%3Aall%5B%2Aopenid%5D%5D&state=_default&response_type=code&code_challenge=Z5Yxb4LRWoEshTWQCa_gXD7ZF2ki21-TECntUsiZzY4&code_challenge_method=S256&access_type=online&session_required_identities=32493104-36fb-425b-8c46-791d592ec9df&session_required_mfa=True
