info command?

2 posts / 0 new
Last post
info command?

Hi Jason,

Will there be an 'info' command that tells the user how long their OAuth token is good for?  I.e., the equivalent "grid-proxy-info" command?  Or maybe after the user successfully authenticates, it could tell the user how long the token is good for?


Delivery Effort Stage: 

The token auto renews each time you use it so there is no lifetime per se. It's a slightly different mindset than with GSISSH. You are essentially consenting to the local SSH client having access to the SSH service on your behalf until you revoke the consent, either via 'ssh logout <hostname>' or visiting then "Manage your consents". As a user, you have the luxury of needing to consent only once (with caveat below).

On the SSH service side however, the site has the ability to apply "Levels of assurances" (LOA) that can make security statements such as "I will only accept an access token which the user has proven himself/herself to the identity provider of my choice within the given, recent timeframe." 

So it is possible that you issue "globus-ssh <hostname>" with a valid access token but then are redirected to re 'globus-ssh login <hostname>' in order to satisfy the site security policy. But this information can not be deduced from the access token alone.  

Log in to post comments