[XCI-443] XSEDE does not allow applications to see or use XSEDE user passwords Created: 08/25/2018 Updated: 08/25/2018
|Project:||XSEDE Cyberinfrastructure Integration|
|Public activity link:||https://software.xsede.org/display/xci-443|
IDM-07: Login to a locally installed application with a community identity
|Effort and Costs:||
Use case IDM-07 describes a locally installed application asking the user for his/her XSEDE username and password, then using them to authenticate the user with XSEDE. As a matter of policy, XSEDE does not allow applications to do this, because it exposes the user's XSEDE password to the application, which creates a significant security risk for both XSEDE and the application user.
Instead, XSEDE supports Globus Auth's client credentials grant, by which the user authenticates directly with XSEDE (or another identity provider) and the application is given a secure code that it can use to retrieve the user's identity information without having access to the user's password.