We need a way to get a token obtained from https://data.lsst.cloud/auth/tokens (or similar endpoint for any given instance of the RSP) into an "offsite" Firefly session - in particular, one with the FIrefly server running on a developer's own system (e.g., on a laptop), in order to facilitate debugging of Firefly behavior against the all-authenticated RSP data services.
This could be as simple as providing for a token in an environment variable at Firefly server startup, or could include some UI support for pasting in a token to an existing session.
Either way, the Firefly session should then apply the token to any access to data services in the Rubin domains (e.g., lsst.cloud).
Instructions for getting a token:
- Go to https://data.lsst.cloud/auth/tokens (or its equivalent on another instance). This page is accessible from the login/session menu in the upper right of the RSP home page, under "Security tokens".
- Click "Create Token"
- Select scopes "read:image" and "read:tap"
- Set expiration date according to your risk-tolerance
- Click "Create"
- Copy the token right away to a secure place. Once the dialog displaying the token is closed, the full token cannot be retrieved again.
NB: Tokens are unique to a specific RSP instance. A token from data.lsst.cloud cannot be used on data-int.lsst.cloud, for example.