allow optional headers on access_url (resolves issue #239) #248
Conversation
Added a few method descriptions (and shortened method summaries).
|
@kemp-google @philloooo -- fyi -- this PR allows DRS servers to optionally return auth headers along with access URLs. It's meant to finish the plan discussed in #239 -- comments welcome |
|
FYI, the swagger can be found here: https://ga4gh.github.io/data-repository-service-schemas/preview/feature/issue-239-access-credentials/swagger-ui/#/DataRepositoryService |
| items: | ||
| type: string | ||
| description: >- | ||
| An optional list of headers to include in the HTTP request to `url`. |
There was a problem hiding this comment.
I think this is a great first step. It improves what we have right now and we should go for it. As an implementer/user of DRS I'd like to know 1) what are the possible headers here, do we define them in the /service-info end point for example or in the spec as a list of acceptable ones? And 2) it would be great to see examples of how these work for each of the types of access methods DRS 1.0 would support (in the docs for example). Totally fine to address in a future PR
There was a problem hiding this comment.
Re (1): As a user, you shouldn't have to know what headers are possible; you just use the ones you're given. As an implementor, you can return any headers you want. The most likely use case is to return an Authorization header, as is shown in the example in the YAML.
Re (2): this PR already includes beefed-up documentation on access methods (in front_matter.adoc); happy to add more in future PRs
|
See what the Drivers think after @sarpera takes a look and gives thumbs up. Does it work for others using things like aspera or globus |
There was a problem hiding this comment.
@dglazer although I see the point as a general pupose, I don't see it working well in a scenario where the content server requires a token generated for the user that can expire. Are we expecting that in those cases the final client will do the whole process of fetching, et al whenever we need to resume or restart?
|
Notes from call: @jorizci mentioned expiration of tokens... will work well for static system but not sure how this will work systems that expire their tokens quickly. Does this work for EGA/ENA/EVA?
|
|
Summarizing conversation with @jorizci on the workstream call -- this PR is not sufficient to fully meet EGA's use case, but he's a "-0", not a "-1". From his perspective, it's okay to merge, and we should discuss further enhancements in Hinxton. |
|
+1 from ICGC-ARGO |
This PR resolves issues #239. Changes:
AccessURLobject that contains aurlstring and an optionalheadersarrayaccess_urlstring with the new object, inAccessMethodand in the/accessmethodStaged documentation: https://ga4gh.github.io/data-repository-service-schemas/preview/feature/issue-239-access-credentials/docs/