Hi Steve, there is another solution is that the user is giving his credential via the tool. The only thing is missing the tag password on the xml then you can encrypt the password. I tried to add the new paramter on the build.py but I have some errors, don't know if someone arrived to fixed it. Mohamed 2016-07-28 10:00 GMT+02:00 Steve Cassidy <steve.cassidy@mq.edu.au>:
Hi Mohamed, In my case, the credentials on Galaxy are not generally the same as on the remote system so we need some way to store a second set of credentials in the galaxy session.
So, for example, user Fred has an account on Galaxy (fred@here.com) and wants to get data from Alveo as input to a workflow. For the Alveo tools to get data, they need Fred’s access token from Alveo which Fred can retrieve by logging in to the Alveo website. Fred enters the access key into his preferences in Galaxy. This key is then passed to one or more tools that access Alveo on his behalf:
- the query tool finds words matching a given pattern from a spoken corpus (needs the token) - the get-data tool retrieves the audio files for each word (needs the token) - the automatic alignment tool finds the locations of the vowel sounds in each word - the annotation storer tool sends these locations back to Alveo as a new annotation set (needs the token)
and so on, at various times in the workflow, the tools need to talk to the repository to query, get data or add new data.
At the moment, I need the token to be a data item in the history, but it would be better if it were part of the user session in Galaxy.
Steve
— Department of Computing, Macquarie University http://web.science.mq.edu.au/~cassidy
On 28 Jul 2016, at 5:46 PM, Mohamed Kassam <k.mamoud@gmail.com> wrote:
Hello Cassidy, I have the same problem like you because I need the user credential to access to an external tools. I tried the user session variables available in the tool xml file: __user__, __user_email__, __user_name__ and __user_id__. I t works perfectly I don't know if you need the password, because this is the only information is missing.
Mohamed
2016-07-28 9:42 GMT+02:00 Steve Cassidy <steve.cassidy@mq.edu.au>:
Hi Bjorn, sure, I don’t want to have the credentials stored in the tool but the tool needs to act on behalf of the user to retrieve data from the repository, so it needs access to credentials. This could for example be a token generated via an OAuth2 exchange - basically something that is sent along with every http request to the remote resource to authenticate the user.
My thought is that this could be stored in the user profile if this can be made available to the tool in the same way that __user_email__ is now.
When you say ‘on the framework level’ do you mean by Galaxy?
Steve — Department of Computing, Macquarie University http://web.science.mq.edu.au/~cassidy
On 28 Jul 2016, at 5:23 PM, Björn Grüning <bjoern.gruening@gmail.com> wrote:
Hi Steve,
can you explain the larger use-case behind it. Imho you should not populate a tool with credentials, this should be handled on the framework level.
Hope you are fine, Bjoern
Am 28.07.2016 um 03:15 schrieb Steve Cassidy:
Hi again, I’m looking for the right way to store some user credentials in the galaxy session so that tools can work on behalf of the user with our repository.
Currently users have an API key and they need to upload it as a data item to that is then passed to each tool that needs it as input. This doesn’t seem like the right solution since the API key becomes part of the history and so would be shared if the history were shared.
What would be better would be a way of storing the API key in the user session and then being able to pass that into a tool.
I note that there are a few user session variables available in the tool xml file: __user__, __user_email__, __user_name__ and __user_id__. There is also a user preferences page where they can fill out a few details. However, I can’t see a mechanism to extend this in any way and have extra properties in the preferences pane that would then be available to tools via the template file.
I can see that the standard practice for the data sources on usegalaxy.org <http://usegalaxy.org> is to send the user off to a repository website to find data that is then posted back to the galaxy server. This isn’t appropriate for us since the interaction with the repository is not just for downloading a single dataset - tools will query the repository, download various kinds of data and possibly upload new data, so we need to store user credentials in some way.
Is there already a good way to achieve this or is this an enhancement to Galaxy?
Thanks,
Steve
— Department of Computing, Macquarie University http://web.science.mq.edu.au/~cassidy <http://web.science.mq.edu.au/%7Ecassidy>
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/