Request for information re MOA data sharing

Hello @rra,

Our cloud team need the following information to provide the Rubin team an OIDC Redirect URI:
client_id = “oidc-client-id”
client_secret = “oidc-client-secret”
oidc_issuer = “https://idp.example.com”
authorize_scopes = “e.g. openid email profile”

Can you help? Thank you.

Hi Preeti,

I think DMTN-253 should provide the necessary background including the scopes to use. The client ID and secret will be provided once your request is approved. The OIDC issuer information can be found in the OpenID Connect metadata published by data.lsst.cloud:

https://data.lsst.cloud/.well-known/openid-configuration

Thank you, Russ. I have passed this on to our cloud team.

@rra please see above

Hi Russ, I am Eric Tan, the UOA developer.

How should we launch a request for a new client_id and secret?

Here or some other private communication channel?

Yes, indeed, you should make the request here in this topic. We need the information listed in DMTN-253, and then I’ll create the client and send you the information when the configuration is updated. We do that during Thursday maintenance windows.


Request for OIDC Client Credentials (client_id / client_secret)

Organization & Contact Information

  • Organization Name: University of Auckland - Faculty of Science - Vera Rubin Data Sharing API
  • Primary Technical Contact Email: researchmanagement@auckland.ac.nz, eric.tan@auckland.ac.nz
  • Platform Purpose: The Vera Rubin Data Sharing API is used to provide authenticated and throttle-controlled access for external Research Collaborators to night sky images stored in a database hosted at UoA. As a part of the University of Auckland’s engagement with the Vera Rubin Observatory, the Faculty of Science is looking to provide access to external collaborators from the Observatory to images of the night sky stored in the UOA data centre.

Technical Metadata for Pre-Registration

In accordance with DMTN-253 and the published metadata at data.lsst.cloud, we would like to request a client_id and client_secret with the following parameters:

  • Requested Client Name: uoapool-nonprod
  • Grant Type: authorization_code
  • Requested Scopes: openid, profile, email, rubin
  • Token Endpoint Auth Method: client_secret_basic

Authorized Redirect URIs

Please register the following exact URI(s) for our authentication callbacks:

  • A short name for our IDAC: IDAC UOA nonprod
  • redirect_uri: https://uoapool-nonprod.auth.ap-southeast-2.amazoncognito.com/oauth2/idpresponse

Secure Key Delivery

Once approved, please let us know how your team prefers to securely transmit the generated client_secret to our technical contact (e.g., via encrypted email, 1Password link, or an established secure chat channel).

Thank you for your assistance in provisioning our access!

Hi @rra, please advise

Hi Eric,

I’m just waiting for @knutago to approve. Hopefully he’ll have a chance to look at this soon.

@rra @knutago Kindly please update us on the status. Thanks ~

Apologies, I missed the notifications! Yes, this is approved, please go ahead.

This is queued up for our maintenance window tomorrow. I will send you the authentication details for your OIDC client via a 1Password link in DM once that’s deployed (late afternoon US Pacific time).

Thank you!

The new client has been enabled in data.lsst.cloud and I’ve sent Eric the credentials in DM.
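
An added example, not part of the thread and not Rubin or UoA code: a pre-submission check of the registration parameters posted above against an OpenID Connect discovery document like the one the reply points to. `check_registration` is a hypothetical helper, and `SAMPLE_METADATA` is a constructed document for the placeholder issuer `idp.example.com`, not the metadata data.lsst.cloud actually publishes.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document for the placeholder issuer; it is NOT the
# real data.lsst.cloud metadata. Field names follow OpenID Connect Discovery 1.0.
SAMPLE_METADATA = json.loads("""
{"issuer": "https://idp.example.com",
 "token_endpoint": "https://idp.example.com/token",
 "scopes_supported": ["openid", "profile", "email", "rubin"],
 "grant_types_supported": ["authorization_code"],
 "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"]}
""")

# Parameters as posted in the request in this thread.
THREAD_REQUEST = {
    "grant_type": "authorization_code",
    "scopes": ["openid", "profile", "email", "rubin"],
    "token_endpoint_auth_method": "client_secret_basic",
    "redirect_uri": "https://uoapool-nonprod.auth.ap-southeast-2.amazoncognito.com/oauth2/idpresponse",
}

def check_registration(metadata, discovery_url, request):
    """Return a list of problems; an empty list means the request is consistent."""
    problems = []
    issuer = metadata.get("issuer", "")
    # The issuer must be https and must be the exact prefix the document was fetched from.
    if urlsplit(issuer).scheme != "https":
        problems.append("issuer is not an https URL")
    if discovery_url != issuer.rstrip("/") + "/.well-known/openid-configuration":
        problems.append("issuer does not match the discovery URL")
    # Defaults below are the ones the Discovery spec defines for omitted fields.
    grants = metadata.get("grant_types_supported", ["authorization_code", "implicit"])
    if request["grant_type"] not in grants:
        problems.append(f"grant type {request['grant_type']} not supported")
    methods = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if request["token_endpoint_auth_method"] not in methods:
        problems.append("token endpoint auth method not supported")
    if "openid" not in request["scopes"]:
        problems.append("scope openid is required for OIDC")
    # scopes_supported is optional; only compare when the provider publishes it.
    advertised = metadata.get("scopes_supported")
    for scope in request["scopes"]:
        if advertised is not None and scope not in advertised:
            problems.append(f"scope {scope} not advertised")
    # Redirect URIs are matched exactly, so register https with no fragment.
    redirect = urlsplit(request["redirect_uri"])
    if redirect.scheme != "https" or redirect.fragment:
        problems.append("redirect_uri must be https without a fragment")
    return problems
```

To run it against a live provider, load the JSON fetched from its `/.well-known/openid-configuration` URL in place of `SAMPLE_METADATA` and pass that same URL as `discovery_url`.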