SciTokens for Java
Prerequisites
- Java 8+
- Maven 3.0+
- Tomcat 7 or above
- Java mail (see here
- Some form of persistent storage, such as Postgres, MySQL, MariaDB or a file system. See the specific sections here
Docs
Notes
For the server
This is standard OA4MP with an extension to handle SciTokens.
So pretty much all of the standard OA4MP documentation and features work.
The default for OA4MP is OIDC, so you should set the OIDCEnabled flag to false unless you need OIDC support
(see here)
and there is one additional configuration flag specific to SciTokens that needs to be set true,
issueATasSciToken = issue the Access Tokens as a SciToken.
Otherwise a non-SciToken will be generated as the access token. (That would be used in a very specific case, where it is presented to the the token exchange endpoint to get a SciToken.) A snippet of the configuration might look like this:
<service name="my.scitokens.server"
issueATasSciToken="true"
OIDCEnabled="false"
refreshTokenLifetime="1000000"
refreshTokenEnabled="true"
scheme="sciTokens"
schemeSpecificPart=""
clientSecretLength="40"
debug="trace">
<!-- other stuff -->
</service>For clients
Once you have a server up and running, you need to register and configure clients
in order to get SciTokens.
There is a template document as well here.
Templates tell the server how the client should create it SciTokens. There is a lot of flexibility in what
can be done since there is a strong scripting language backing the configurations. Creation of SciTokens can be
dictated as well based on the claims (which are best viewed as metadata) about the user.
You may also manipulate SciTokens (which includes many other useful utilities) using the command line utilities