Macaroons¶
Introduction¶
Swestore supports Macaroons, a bearer token technology used with the WebDAV/HTTP protocols. Macaroons makes it easy to create temporary access links with limited permissions and are extremely well suited for creation of access portals, limited time file sharing/delegation, and other use cases.
Using dCache View to generate Macaroons¶
The dCache View web interface can be used for easy creation of Macaroons for file/directory sharing etc.
Note that the dCache View is evolving, at the time of this writing the procedure to share a file/directory is:
- Navigate to Swestore dCache View web interface and log in.
- Navigate by double-clicking on directory names down the tree until you see the item you want to share in the list.
- Right-click on the item and select Share.
- Double-check that it's the right item (there is currently NO way to remove a Macaroon!).
- Double-check that the allowed activities is what you want.
- Select lifetime (max 1 week).
- Click GENERATE.
- Copy the Direct Link (2nd option from top) and share that with the intended audience. The top-most one should give a nicer user interface, but that doesn't work for some reason. Alternatively, if the user is familiar with the rclone tool the Rclone config snippet might also be relevant.
This is a moving target so don't hesitate to point out bugs/issues to us.
Further reading¶
The dCache documentation has more information and examples. See:
https://dcache.org/manuals/UserGuide-8.2/webdav.shtml#requesting-macaroons
https://dcache.org/manuals/UserGuide-8.2/macaroons.shtml
The Macaroons Playground can be used to build/test/verify Macaroons and also provides additional documentation links: