vokac

IAM-specific behavior should be fixed https://github.com/indigo-iam/iam/issues/429

CILogon doesn't support "OAuth Resource Indicators" [RFC8707](https://datatracker.ietf.org/doc/html/rfc8707)? During last [IAM hackaton](https://indico.cern.ch/event/1443968/overview) I asked developer about https://github.com/indigo-iam/iam/issues/841, if I remember correctly it should not be difficult to support RFC way to...

With slightly updated script that gets second access token using refresh token with ```bash IAM_CLIENT_SCOPES=${IAM_CLIENT_SCOPES:-"offline_access wlcg.groups storage.read:/ storage.modify:/atlasdatadisk/SAM/"} ... curl -q -L -s \ -u ${IAM_CLIENT_ID}:${IAM_CLIENT_SECRET} \ -d grant_type=refresh_token \...

"solved" by secondary CERN account which can be used to issue different certificate for my second IAM account. Our national CA operator CESNET no longer [issue TCS grid certificates](https://pki.cesnet.cz/en/tcs-personal.html) and...

Still, it would be nice if IAM prints error while trying to link "bad" certificate and not just blank page. Actually, page is not empty and it contains, e.g. ```Could...

Do we understand in a first place why CERN HR DB doesn't contain right information? Do we have a "picture" where we can see which systems are involved (does experiment...

Are you suggesting that we should start to use `hr.cern.ignore` when account gets accidentally suspended by CERN HR synchronization? It would be even easier for us set this flag for...