Skip to content
This repository was archived by the owner on Oct 23, 2023. It is now read-only.

Commit d8c60a7

Browse files
blankdotsteemukataja
blankdots
authored and
teemukataja
committed
adjusting documentation info about audience
1 parent 61ab126 commit d8c60a7

1 file changed

Lines changed: 18 additions & 12 deletions

File tree

docs/instructions.rst

Lines changed: 18 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -83,19 +83,25 @@ The configuration variables reside in the same `CONFIG_FILE` as described above
8383
:language: python
8484
:lines: 90-116
8585

86-
``server`` should point to an API that returns a public key which can be used to validate the received Bearer token.
87-
``issuers`` is a string of comma separated values, e.g. `one,two,three` without spaces. The issuers string contains
88-
a list of entities that are viewed as trusted organisations.
89-
``bona_fide`` should point to an API that returns the `bona_fide_status` this is
90-
`ELIXIR AAI <https://www.elixir-europe.org/services/compute/aai>`_ specific.
91-
``audience`` is a string of comma separated values, e.g. `aud1,aud2,aud3` of intended audiences. Audience is a value
92-
in JWT that describes what service(s) the token is intended for. You can get an audience hash or URI from the AAI service
93-
your application is using, or if your service is part of a Beacon Network, you can get the key from your Beacon Network administrator.
94-
Leave this empty if your service doesn't care about the intended audience.
86+
* ``server`` should point to an API that returns a public key, which can be used to validate the received JWTBearer token.
87+
* ``issuers`` is a string of comma separated values, e.g. `one,two,three` without spaces. The issuers string should contain
88+
a list of entities that are viewed as trusted organisations.
89+
* ``bona_fide`` should point to an API that returns the `bona_fide_status` this is
90+
`ELIXIR AAI <https://www.elixir-europe.org/services/compute/aai>`_ specific.
91+
* ``audience`` is a string of comma separated values, e.g. ``aud1,aud2,aud3`` of intended audiences. Audience is a value
92+
in JWT that describes what service(s) the token is intended for.
93+
94+
The audience `hash` or `URI` from the AAI service can be used, or if the service is part of a `Beacon Network`,
95+
use the key provided by the Beacon Network administrator.
96+
97+
**Leave empty if the service doesn't care about the intended audience.**
98+
9599
``verify_aud`` can be set to either ``True`` or ``False``. If enabled, this option forces Beacon to verify the audience(s)
96-
in the supplied token. If disabled, the audience(s) of a token will not be validated. Disabling this can be a good solution for standalone
97-
Beacons, that want to be able to use tokens generated by any authority. If you set ``verify_aud=True`` be sure
98-
to also set a value for ``audience`` key, as otherwise the audience will be attempted to be valited, but as no audiences
100+
in the supplied token. If disabled, the audience(s) of a token will not be validated.
101+
102+
Disabling this can be a good solution for standalone
103+
Beacons, that want to be able to use tokens generated by any authority. If ``verify_aud=True`` is set
104+
provide also value(s) for ``audience`` key, as otherwise the audience will be attempted to be valited, but as no audiences
99105
are listed, the validation will fail.
100106

101107
.. note:: For implementing `CONTROLLED` dataset permissions see :ref:`permissions`.

0 commit comments

Comments
 (0)