SciTokens

1.9.7 verified Mon Apr 27 auth: no python

Reference implementation of the SciToken authentication and authorization library, providing token creation, validation, and enforcement for distributed scientific computing. Current version 1.9.7, requires Python >=3.5. Releases are irregular, driven by community needs.

pip install scitokens

error: ImportError: cannot import name 'SciToken' from 'scitokens'
cause: Older versions of scitokens placed SciToken under scitokens.scitokens; newer versions export it directly from scitokens.
fix: Use 'from scitokens import SciToken' with version >=1.0.0.

error: scitokens.exceptions.TokenValidationError: Token has expired
cause: The token's expiration claim ('exp') is in the past or not properly set.
fix: Ensure the token's 'exp' claim is set to a future time. For example: token.update_claims({'exp': int(time.time()) + 3600}).

gotcha: Serialization type 'unprotected' produces a token without a signature, so its claims carry no integrity protection; use with caution. For production, use 'jws' or a proper key.
fix: Provide a valid private key and use serialize() without serialization_type for signed tokens.

gotcha: The library may change the default algorithm between versions; always specify the algorithm explicitly when creating tokens to avoid surprises.
fix: Use SciToken(algorithm='RS256', ...) or the appropriate algorithm.

Create and serialize an unprotected SciToken using an issuer and key ID.

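import os

import scitokens

# Issuer URL is read from the environment, falling back to an example value.
token = scitokens.SciToken(
    issuer=os.environ.get('SCITOKENS_ISSUER', 'https://example.com/'),
    key_id='rsa_key',
)
# Subject and scope claims carried by the token.
token.update_claims({'sub': 'user123', 'scope': 'read:/data'})
# 'unprotected' serialization emits no signature; see the gotcha above.
serialized = token.serialize(serialization_type='unprotected')
print(serialized)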
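
A receiving-side pre-check for the two gotchas above (unsigned 'unprotected' tokens, unpinned algorithms) and the 'exp' error, added here as an example; it is not part of the scitokens library or of the original page. It assumes tokens arrive as compact JWTs and that an unprotected token carries alg "none" or an empty signature segment; precheck_token, make_sample and ALLOWED_ALGS are hypothetical names, and the check runs before cryptographic signature verification, not in place of it.

```python
import base64
import json
import time

ALLOWED_ALGS = frozenset({"RS256", "ES256"})  # assumption: algorithms this deployment pins


def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded.encode("ascii")))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj


def precheck_token(compact, allowed_algs=ALLOWED_ALGS, now=None):
    """Return (ok, reason); run before signature verification, never instead of it."""
    now = time.time() if now is None else now
    parts = compact.split(".")
    if len(parts) != 3:
        return False, "not a three-segment compact JWT"
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8, bad JSON, or not an object
        return False, "header or payload is not base64url JSON"
    alg = header.get("alg")
    if not isinstance(alg, str) or alg.lower() == "none" or not parts[2]:
        return False, "unsigned token"
    if alg not in allowed_algs:
        return False, "algorithm not pinned: " + alg
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return False, "missing or non-numeric exp"
    if exp <= now:
        return False, "expired"
    return True, "ok"


def make_sample(header, claims, signature=""):
    """Constructed sample token for the demo; the signature is a placeholder."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join((enc(header), enc(claims), signature))


if __name__ == "__main__":
    claims = {"sub": "user123", "scope": "read:/data", "exp": int(time.time()) + 3600}
    print(precheck_token(make_sample({"alg": "none"}, claims)))
    print(precheck_token(make_sample({"alg": "RS256", "kid": "rsa_key"}, claims, "c2ln")))
```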