Leveraging Globus Infrastructure from a third party Application

[Joshua Brown]

Hi,

I was hoping to get some input on the correct way to go about using a Globus from a third party application.

I have an application that uses Globus for the data transfer aspects. Users can submit transfers from the application. The application has GCS endpoints that it manages. However, we want to let users transfer data from any GCS endpoint to the endpoints managed by the application. One of the challenges I’m hitting is when they want to transfer data from a GCS endpoint at organization “A” to a GCS endpoint managed by our application they are required to reauthenticate with the organization.

Side note. Many organizations have the GCS endpoints configured with a session timer. 30 minutes after the user authenticates with the organization the session times out.

The problem I’m hitting is not that a session times out but rather that there seems to be no way to reauthenticate non-interactively with the organization after the timeout occurs. Users are required to retrigger the Oauth2 code authorization flow which requires manual interaction.

I can conceive a solution where organization “A” provides users with the ability to create client credentials. However, even if a user had client credentials through organization “A” I don’t believe there is a way to use them through Globus to re-establish a secure connection. This becomes problematic for long lasting workflows or automated workflows. How do Globus flows deal with this problem? Are users still required to reauthenticate with the organization after the 30 minute session timeout, I would assume so?

Happy to explain more if my explanation is not clear.