Science Platform Tokens

The Notebook Aspect of the Rubin Observatory Science Platform provides access tokens for interacting with other services provided by the Science Platform. An example is the TAP service provided by the API Aspect. When interacting with authenticated services from within the Notebook Aspect, you typically don’t need to handle the access tokens yourself, since the various clients are able to pick up the token from your user environment. If you want to access services from a local machine (for example, to access the TAP service from TOPCAT), you will need to create an access token for that purpose.

This page will give you an introduction to the access token, where to create one for use from a local machine, and how to use it in an environment outside the Notebook Aspect.

The current user interface for managing tokens will look very primitive. The functionality is present, but the UI design is not yet complete. This will be improved in later development.

The Notebook Aspect access token

Whenever you log on to the Notebook Aspect, an access token will be generated for you and stored in your home space in the Notebook Aspect. This token is time-limited and will be refreshed when you log out and log back in. The token is stored in the file ~/.access_token so that it can be accessed by notebooks and used to authenticate to other Science Platform services.

The environment includes a notebook, at ~/notebooks/system-test/token-info.ipynb, that allows you to inspect that token. Executing the two cells in the notebook will provide information about token creation time and lifetime among other things. You will note from the above notebook that the token is also provided as the value of the environment variable ACCESS_TOKEN, but the file version should be considered primary.

Using a token outside the Science Platform

If you want to use an access token from your local system, you can create a new one. At creation time, you can

  • give the token a name,

  • restrict the token’s access to only the services you need, and

  • configure the expiration, including setting it to not expire.

Following are instructions for creating a new access token.

  1. Go to Rubin Science Platform at the Base in a web browser.

  2. Select Security Tokens from the user drop-down menu at the upper right.

    [Figure: Drop-down user menu]

  3. Click on Create Token under User Tokens.

    [Figure: Create token button]

  4. Choose a token name, scopes, and expiration. Usually you will want to name the token after the application you will use it with.

    Which scopes to select depends on what you’re doing.

    If you know that you’ll only be using the token for a limited period of time, you can choose an expiration date. Otherwise, you can set the token to never expire.

    [Figure: Create token dialog]

  5. Click on Create. You will be shown the token, but only once. Be sure to copy this token and save it somewhere secure on your local system.

    [Figure: Create token result]
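
One way to follow the advice in step 5 on a local machine, and to read the token back in the same order described above for the Notebook Aspect (file first, ACCESS_TOKEN as fallback). This is an added example, not code from the Science Platform; the function names, the local file location, and the token string are assumptions made for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

ENV_VAR = "ACCESS_TOKEN"  # environment variable named on this page


def save_token(token: str, path: Path) -> None:
    """Store a newly created token so that only the owning user can read it."""
    # Mode 0o600 is applied at creation time, so the secret is never briefly
    # readable by other local users. O_EXCL refuses to overwrite an existing
    # file, so replacing a token is always a deliberate delete-then-save.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token.strip() + "\n")


def load_token(path: Path, environ=os.environ) -> str:
    """Return the token, treating the file as primary and the variable as fallback."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        token = environ.get(ENV_VAR, "").strip()
        if not token:
            raise RuntimeError(f"no token found in {path} or ${ENV_VAR}")
        return token
    # Fail closed if group or other users have any access to the file.
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to other users; chmod 600 it")
    token = path.read_text().strip()
    if not token:
        raise RuntimeError(f"{path} is empty")
    return token


if __name__ == "__main__":
    # Constructed demo: a throwaway directory and a made-up token value.
    with tempfile.TemporaryDirectory() as tmp:
        token_file = Path(tmp) / "rsp_token"  # hypothetical local location
        save_token("constructed-example-token", token_file)
        loaded = load_token(token_file)
        # Report only the length, never the secret itself.
        print(f"loaded a {len(loaded)}-character token from {token_file}")
```

The permission check only has an effect on POSIX systems; on Windows, restrict the file with its ACLs instead.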