We need a way to get a token obtained from https://data.lsst.cloud/auth/tokens (or similar endpoint for any given instance of the RSP) into an "offsite" Firefly session - in particular, one with the FIrefly server running on a developer's own system (e.g., on a laptop), in order to facilitate debugging of Firefly behavior against the all-authenticated RSP data services.
This could be as simple as providing for a token in an environment variable at Firefly server startup, or could include some UI support for pasting in a token to an existing session.
Either way, the Firefly session should then apply the token to any access to data services in the Rubin domains (e.g., lsst.cloud).
Instructions for getting a token:
- Go to https://data.lsst.cloud/auth/tokens (or its equivalent on another instance). This page is accessible from the login/session menu in the upper right of the RSP home page, under "Security tokens".
- Click "Create Token"
- Select scopes "read:image" and "read:tap"
- Set expiration date according to your risk-tolerance
- Click "Create"
- Copy the token right away to a secure place. Once the dialog displaying the token is closed, the full token cannot be retrieved again.
NB: Tokens are unique to a specific RSP instance. A token from data.lsst.cloud cannot be used on data-int.lsst.cloud, for example.
- links to
Expected to be deployed in the next Firefly 2022.2.x point release.
Trey Roby reported internally to IPAC that the development build with this feature works well and is enabling him to work with a remote Firefly successfully.
Linked to implementation ticket. Ticket is already merged in the upstream.