-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support implementations that do not require authorization for the get_object endpoint #56
Comments
Also adding the config files used for the two reports above. |
Reran with the latest update. However, the config file is now more cumbersome to edit - with a lot of duplication. The following config would be more compact.
|
The following might also be considered which provides auth which would be used for all the objects in the test. This would be a practical simplification and would work for most of the common existing DRS services. If necessary, auth details could be provided at an object level. If absent the auth_config would be used. In most cases only auth_config would be needed.
|
For objects that require authorization...
Many DRS implementations do not require authorization for get_object. Authorization is only needed when obtained the url at which to download bytes.
This applies to all the gen3 DRS implementations (crdc, topmed, etc.) and to the NCBI implementation.
The compliance suite appears to apply authentication to the get_objects request i.e. the get /objects/ end point.
The first result set (drs_compliance_report2.txt) shows the test report for the NCBI DRS with "auth_type": "passport"
This fails the "drs object info" phase because authentication is being applied to the request. The server does not expect auth to be passed for this request.
The second result run (drs_compliance_report2.txt) used the same drs ids with with "auth_type": "none"
The responses for the ids pass most tests
(the issue with the NCBI implementation providing self_uri as self_url is a separate issue and will be dealt with by the implementation)
It of course fails the "drs object access" phase with a 401 when it attempts to get the url for the object.
The compliance suite should support applying auth only to the object access phase in such a scenario.
Note that some implementations require auth for both phases. The compliance suite will need to handle both scenarios.
The attached .txt files are json, but the json extension was not supported during file upload to GitHub.
drs_compliance_report2.txt
drs_compliance_report3.txt
The text was updated successfully, but these errors were encountered: