ScopeCollections

OAuth2 Scopes for various Globus services are represented by ScopeCollection objects. These are containers for constant Scope objects.

Scope collections are provided directly via globus_sdk.scopes and are also accessible via the relevant client classes.

Direct Use

To use the scope collections directly, import from globus_sdk.scopes.

For example, one might use the Transfer “all” scope during a login flow like so:

import globus_sdk
from globus_sdk.scopes import TransferScopes

CLIENT_ID = "<YOUR_ID_HERE>"

client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
client.oauth2_start_flow(requested_scopes=[TransferScopes.all])
...

As Client Attributes

Token scopes are associated with a particular client which will use that token. Because of this, each service client contains a ScopeCollection attribute (client.scopes) defining the relevant scopes for that client.

For most client classes, this is a class attribute. For example, accessing TransferClient.scopes is valid:

import globus_sdk

CLIENT_ID = "<YOUR_ID_HERE>"

client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
client.oauth2_start_flow(requested_scopes=[globus_sdk.TransferClient.scopes.all])
...

# or, potentially, after there is a concrete client
tc = globus_sdk.TransferClient()
client.oauth2_start_flow(requested_scopes=[tc.scopes.all])

As Instance Attributes and Methods

Some client classes only provide their scopes for instances. These cases cover services which are distributed or contain multiple subservices with their own scopes.

For example, GCSClient and SpecificFlowClient each have a scopes attribute of None on their classes.

In the case of SpecificFlowClient, scopes are populated whenever an instance is instantiated. So the following usage is valid:

import globus_sdk

FLOW_ID = "<YOUR_ID_HERE>"

client = globus_sdk.SpecificFlowClient(FLOW_ID)
flow_user_scope = client.scopes.user

In the case of GCS, a distributed service, scopes is always None. However, globus_sdk.GCSClient.get_gcs_endpoint_scopes() and globus_sdk.GCSClient.get_gcs_collection_scopes() are available helpers for getting specific collections of scopes.

Using a Scope Collection to Get Matching Tokens

A ScopeCollection contains the resource server name used to get token data from a token response. To elaborate on the above example:

import globus_sdk
from globus_sdk.scopes import TransferScopes

CLIENT_ID = "<YOUR_ID_HERE>"

client = globus_sdk.NativeAppAuthClient(CLIENT_ID)
client.oauth2_start_flow(requested_scopes=[TransferScopes.all])
authorize_url = client.oauth2_get_authorize_url()
print("Please go to this URL and login:", authorize_url)
auth_code = input("Please enter the code you get after login here: ").strip()
token_response = client.oauth2_exchange_code_for_tokens(auth_code)

# use the `resource_server` of a ScopeBuilder to grab the associated token
# data from the response
tokendata = token_response.by_resource_server[TransferScopes.resource_server]

Reference

Collection Types

class globus_sdk.scopes.ScopeCollection[source]

Bases: ABC

The common base for scope collections.

ScopeCollections act as namespaces with attribute access to get scopes.

They can also be iterated to get all of their defined scopes and provide the appropriate resource_server string for use in OAuth2 flows.

class globus_sdk.scopes.StaticScopeCollection[source]

Bases: ScopeCollection

A static scope collection is a data container which provides various scopes as class attributes.

resource_server must be available as a class attribute.

class globus_sdk.scopes.DynamicScopeCollection(resource_server)[source]

Bases: ScopeCollection

The base type for dynamic scope collections, where the resource server is variable.

The default implementation takes the resource server as the only init-time parameter.

Parameters:

resource_server (str) – The resource_server to use for all scopes attached to this scope collection.

class globus_sdk.scopes.GCSEndpointScopes(resource_server)[source]

Bases: DynamicScopeCollection

A dynamic ScopeCollection with a named property for the GCS manage_collections scope. “manage_collections” is a scope on GCS Endpoints. The resource_server string should be the GCS Endpoint ID.

Examples

>>> sc = GCSEndpointScopes("xyz")
>>> mc_scope = sb.manage_collections
class globus_sdk.scopes.GCSCollectionScopes(resource_server)[source]

Bases: DynamicScopeCollection

A dynamic ScopeCollection with a named property for the GCS data_access scope. “data_access” is a scope on GCS Collections. The resource_server string should be the GCS Collection ID.

Examples

>>> sc = GCSCollectionScopes("xyz")
>>> da_scope = sc.data_access
>>> https_scope = sc.https
class globus_sdk.scopes.SpecificFlowScopes(flow_id)[source]

Bases: DynamicScopeCollection

This defines the scopes for a single flow (as distinct from the Flows service).

It primarily provides the user scope which is typically needed to start a run of a flow.

Example usage:

sc = SpecificFlowScopes("my-flow-id-here")
flow_scope = sc.user

Collection Constants

globus_sdk.scopes.data.AuthScopes

Globus Auth scopes.

Various scopes are available as attributes of this object. For example, access the view_identity_set scope with

>>> AuthScopes.view_identity_set

Supported Scopes

  • email

  • manage_projects

  • openid

  • profile

  • view_authentications

  • view_clients

  • view_clients_and_scopes

  • view_consents

  • view_identities

  • view_identity_set

globus_sdk.scopes.data.ComputeScopes

Compute scopes.

Various scopes are available as attributes of this object. For example, access the all scope with

>>> ComputeScopes.all

Supported Scopes

  • all

globus_sdk.scopes.data.FlowsScopes

Globus Flows scopes.

Various scopes are available as attributes of this object. For example, access the all scope with

>>> FlowsScopes.all

Supported Scopes

  • all

  • manage_flows

  • run

  • run_manage

  • run_status

  • view_flows

globus_sdk.scopes.data.GroupsScopes

Groups scopes.

Various scopes are available as attributes of this object. For example, access the all scope with

>>> GroupsScopes.all

Supported Scopes

  • all

  • view_my_groups_and_memberships

globus_sdk.scopes.data.NexusScopes

Nexus scopes.

Various scopes are available as attributes of this object. For example, access the groups scope with

>>> NexusScopes.groups

Supported Scopes

  • groups

Warning

Use of Nexus is deprecated. Users should use Groups instead.

globus_sdk.scopes.data.SearchScopes

Globus Search scopes.

Various scopes are available as attributes of this object. For example, access the all scope with

>>> SearchScopes.all

Supported Scopes

  • all

  • globus_connect_server

  • ingest

  • search

globus_sdk.scopes.data.TimersScopes

Globus Timers scopes.

Various scopes are available as attributes of this object. For example, access the timer scope with

>>> TimersScopes.timer

Supported Scopes

  • timer

globus_sdk.scopes.data.TransferScopes

Globus Transfer scopes.

Various scopes are available as attributes of this object. For example, access the all scope with

>>> TransferScopes.all

Supported Scopes

  • all

  • gcp_install