-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature] ORCID login [#OSF-5162, 6881, 6885] #6192
Conversation
- add `oauth` dictionary field - update `get_user()` to retrieve user based on oauth provider and id
- add `get_user_from_cas_response(cas_resp)` to recognize oauth credential - add `oauth_first_time_authenticate(oauth_user, response)` to - create a unauthenticated session to store user oauth credentials - redirect to a new view where user is asked to enter email - if user exists (either fromm user id or oauth credential), go to `authenticate(user, access_token, response)` - if oauth credential exists but no user found, go to user `oauth_first_time_authenticate(oauth_user, response)` - otherwise, unauthorized
… create or link OSF accounts. Part 1. - general struture guide - update routes, makos, and forms
- add `Session.is_oauth_first_time_login` and only allow the views to be reached by oauth first login - both link and create requires user verify email - session and cookie should be removed after done
- create user, send confirmation email, verify email - use ${oauth_provider} in `get_oauth_email.mako` - add push notifications
- `User.oauth` -> `User.external_identity` - update related mehtods, views, routes, makos change
- 'VERIFIED', 'CREATE', 'LINK' - update `get_user` to check `status` and only return verified user
- `send_confirm_email` takes extra parameter `external_identity` and use dedicated email templates - `exteranl_login_email_post()`: return a warn message if user is already associated with another external idp - update mail templates and messsages
…ccount creation. - add new routes `/confirm/external/<uid>/<token>` for confirmation link - add new view `external_login_confirm_email_get` to simplify account creation and linking - update `add_unconfirmed_email`, `send_confirm_email`,`get_confirmation_email` and `create_unconfirmed` - update TODO list and comments
@@ -19,6 +19,7 @@ | |||
'get_user', | |||
'check_password', | |||
'authenticate', | |||
'oauth_first_time_authenticate', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This probably needs to be updated.
-still incorrect, fix later
|
||
return { | ||
'form': form, | ||
'external_id_provider': external_id_provider.upper() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This shouldn't be calling .upper()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. external_id_provider
used to be all lower-case and this .upper()
is only for ORCID . With the new PR, it becomes what they should be in default settings for different external identity providers. There are other places that I used .upper()
and I will fix all.
- `get_user_from_cas_resp()` returns a tuple: user, external_credential, action - `validate_external_credential()` parse and valid provider and id - update user data for `external_first_login_authenticate()`
- fix typo in comments - update #TODO comments - use `.split()` instead of `.rsplit()` - remove `.upper()` on `external_id_provider
- fix typo in comments - update #TODO comments - use `.split()` instead of `.rsplit()` - remove `.upper()` on `external_id_provider
-link TODOs to tickets
Related CAS PR: CenterForOpenScience/cas-overlay#22. |
* Add front-end, v1 code for revoking ORCID * Update social field on link
-because google
7b94876
to
19e7300
Compare
@@ -264,7 +264,7 @@ def make_response_from_ticket(ticket, service_url): | |||
user = { | |||
'external_id_provider': external_credential['provider'], | |||
'external_id': external_credential['id'], | |||
'fullname': cas_resp.attributes['given-names'] + ' ' + cas_resp.attributes['family-name'], | |||
'fullname': '{} {}'.format(cas_resp.attributes.get('given-names'), cas_resp.attributes.get('family-name')), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just FYI: If both names are empty, use the ORCiD id instead. (HotFixed)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When testing on the ORCiD website, they seemed to disallow an empty given-names
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
User can make their profile private and only ORCiD is returned. This is a very rare case we happened to run into. :)
Purpose
Allow users to login via ORCID's OAuth.
Changes
DictionaryField
onUser
to store external auth ID'sSample CAS Response:
Side effects
None expected
Ticket
OSF-6885
OSF-6881
OSF-5162