get_tapis_tenant_and_username()

get_tapis_tenant_and_username()#

get_tapis_tenant_and_username(t,,prefer_userinfo: bool = True,fallback_to_token: bool = True,default_tenant=None,default_username=None,verbose: bool = False)*

Purpose: Quickly retrieve the tenant and username for the current Tapis session in a way that works across hosted hubs and restricted environments.

What it does#

  • Returns a tuple: (tenant_id, username).

  • Prefers token claims for tenant (most reliable), and userinfo for username.

  • Falls back to client attributes and tokens.validateToken()—without raising errors.

Signature#

get_tenant_and_username(
    t,
    *,
    prefer_userinfo: bool = True,
    fallback_to_token: bool = True,
    default_tenant=None,
    default_username=None,
    verbose: bool = False,
) -> tuple[str|Any, str|Any]

Parameters#

  • t (tapipy.tapis.Tapis): Authenticated Tapis client.

  • prefer_userinfo: Try userinfo first for username (quietly falls back).

  • fallback_to_token: Use token claims / validateToken() if needed.

  • default_tenant, default_username: Returned when a value can’t be resolved.

  • verbose: Print short diagnostics while resolving.

Returns#

  • (tenant_id, username) — Strings when available; otherwise the provided defaults.

Example#

tenant, user = get_tenant_and_username(t)
print(f"Submitting as {user} on tenant {tenant}")

When is the tenant used?#

The tenant identifies which Tapis “organization/realm” you’re operating in. It matters for:

  • Authorization & routing Your token is issued for a specific tenant; services use it to route requests and enforce RBAC within that tenant’s namespace.

  • Resource scope Systems (execution/storage), Apps, and Jobs belong to a tenant. You typically can’t reference resources across tenants unless explicitly supported and permissioned.

  • Provenance & logging Stamp tenant@username into logs, job names, and run metadata—crucial for debugging shared notebooks and multi-tenant platforms (e.g., DesignSafe vs. other Tapis tenants).

  • Automation & safety checks Before registering an app or submitting a job, confirm you’re on the expected tenant (e.g., “designsafe”) to avoid creating resources in the wrong place.

  • On-Behalf-Of (OBO) flows / service accounts Some workflows act on behalf of another tenant or user; the tenant in the token (and sometimes OboTenant headers) controls that behavior.

Tip: Log both values up front:

tenant, user = get_tenant_and_username(t)
print(f"[context] tenant={tenant} user={user}")

This single line saves a ton of debugging later.

Contents