Public ORCID login is available. #7025

Merged
merged 10 commits into from
Jul 20, 2020
@@ -0,0 +1,8 @@
{
"id":"orcid-public",
"factoryAlias":"oauth2",
"title":"ORCID",
"subtitle":"",
"factoryData":"type: orcid | userEndpoint: https://pub.orcid.org/v2.1/{ORCID}/person | clientId: FIXME | clientSecret: FIXME",
"enabled":true
}
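Review bot: the scope for this provider is not set in the template but inferred in `OrcidOAuth2AP` from `userEndpoint.startsWith("https://pub")`, so this file only yields the `/authenticate` scope as long as the endpoint keeps that prefix; an installer who edits `userEndpoint` to another host will silently fall back to the `/read-limited` scope used for the member API. Since JSON carries no comments, the sentence in oauth2.rst that offers this download should say the endpoint must stay on `https://pub.orcid.org`, and should remind readers that once `clientSecret: FIXME` is replaced the file holds a live secret and must not be committed or left world-readable.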
7 changes: 4 additions & 3 deletions doc/sphinx-guides/source/installation/oauth2.rst
@@ -26,11 +26,11 @@ Identity Provider Side
Obtain Client ID and Client Secret
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Before OAuth providers will release information about their users (first name, last name, etc.) to your Dataverse installation, you must request a "Client ID" and "Client Secret" from them. In the case of GitHub and Google, this is as simple as clicking a few buttons and there is no cost associated with using their authentication service. ORCID and Microsoft, on the other hand, do not have an automated system for requesting these credentials, and it is not free to use these authentication services.
Before OAuth providers will release information about their users (first name, last name, etc.) to your Dataverse installation, you must request a "Client ID" and "Client Secret" from them. In many cases you can use providers' automated system to request these credentials, but if not, contact the provider for assistance.

URLs to help you request a Client ID and Client Secret from the providers supported by Dataverse are provided below. For all of these providers, it's a good idea to request the Client ID and Client secret using a generic account, perhaps the one that's associated with the ``:SystemEmail`` you've configured for Dataverse, rather than your own personal Microsoft Azure AD, ORCID, GitHub, or Google account:

- ORCID: https://orcid.org/content/register-client-application-production-trusted-party
- ORCID: https://orcid.org/content/register-client-application-0
Contributor

Suggested change
- ORCID: https://orcid.org/content/register-client-application-0
- ORCID: https://orcid.org/content/register-client-application

Member

Can you please update the top comment of the PR to match the pull request template format in other PRs

This is done, so I'm moving this to code review.

Member

Interesting. I got the longer link with the "-0" at the end from https://orcid.org/organizations/integrators but I do think the shorter link looks nicer (and goes to the same place) so it would be a good change. @felker13 I don't have access to accept this change.

- Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
- GitHub: https://github.com/settings/applications/new via https://developer.github.com/v3/oauth/
- Google: https://console.developers.google.com/projectselector/apis/credentials via https://developers.google.com/identity/protocols/OAuth2WebServer (pick "OAuth client ID")
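Review bot: the rewritten sentence drops the only statement of which providers require a manual registration and which charge for it, yet the list below still offers a single ORCID link while this PR introduces separate public and member templates. State here which ORCID registration path matches the public template and which matches the member one, so an installer knows which kind of Client ID and Client Secret to request before picking a JSON file. The suggested shorter URL `https://orcid.org/content/register-client-application` (without `-0`) is preferable if, as the discussion says, it resolves to the same page.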
@@ -51,7 +51,8 @@ As explained under "Auth Modes" in the :doc:`config` section, available authenti

We will ``POST`` a JSON file containing the Client ID and Client Secret to this ``authenticationProviders`` API endpoint to add another authentication provider. As a starting point, you'll want to download the JSON template file matching the provider you're setting up:

- :download:`orcid.json <../_static/installation/files/root/auth-providers/orcid.json>`
- :download:`orcid-public.json <../_static/installation/files/root/auth-providers/orcid-public.json>`
- :download:`orcid-member.json <../_static/installation/files/root/auth-providers/orcid-member.json>`
- :download:`github.json <../_static/installation/files/root/auth-providers/github.json>`
- :download:`google.json <../_static/installation/files/root/auth-providers/google.json>`
- :download:`microsoft.json <../_static/installation/files/root/auth-providers/microsoft.json>`
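Review bot: renaming `orcid.json` to `orcid-member.json` breaks any existing bookmark or external link to the old download; either keep `orcid.json` as a copy of the member template for one release or call out the rename in the release notes. The lead-in sentence "download the JSON template file matching the provider" also needs one line telling readers that `orcid-public.json` points at `https://pub.orcid.org/...` and is for credentials registered against ORCID's public API, while `orcid-member.json` is for member API credentials; without it the two ORCID entries look interchangeable.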
@@ -55,7 +55,13 @@ public class OrcidOAuth2AP extends AbstractOAuth2AuthenticationProvider {
public static final String PROVIDER_ID_SANDBOX = "orcid-sandbox";

public OrcidOAuth2AP(String clientId, String clientSecret, String userEndpoint) {
scope = Arrays.asList("/read-limited");

if(userEndpoint != null && userEndpoint.startsWith("https://pub")) {
this.scope = Arrays.asList("/authenticate");
} else {
this.scope = Arrays.asList("/read-limited");
}

this.clientId = clientId;
this.clientSecret = clientSecret;
this.baseUserEndpoint = userEndpoint;
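Review bot: choosing the scope with `userEndpoint.startsWith("https://pub")` is a loose prefix match: any endpoint whose host merely begins with `pub` (for example `https://public.example.org/...`) is granted `/authenticate`, a null or malformed endpoint (the existing tests pass the literal string `"userEndpoint"`) silently gets `/read-limited`, and the comparison is case-sensitive. Prefer parsing the URL and comparing the host exactly against the ORCID public hosts, or make the scope an explicit key in `factoryData` alongside `userEndpoint`, and consider failing fast on a null `userEndpoint` in the constructor instead of defaulting to the member-API scope.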
@@ -4,9 +4,13 @@
import edu.harvard.iq.dataverse.authorization.providers.oauth2.AbstractOAuth2AuthenticationProvider;
import edu.harvard.iq.dataverse.authorization.providers.oauth2.OAuth2Exception;
import java.util.Arrays;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import org.junit.Test;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import org.junit.jupiter.params.provider.ValueSource;

import static org.junit.jupiter.api.Assertions.*;

/**
*
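Review bot: `ValueSource` is imported in this hunk but none of the visible tests use it (the new parameterized test uses `CsvSource`); drop it unless a later hunk needs it. The wildcard `import static org.junit.jupiter.api.Assertions.*;` replaces the two explicit JUnit 4 static imports; explicit imports of `assertEquals`, `assertNotNull` and `assertThrows` would keep the file in the style it already had.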
@@ -41,6 +45,15 @@ private static String loadResponseXML(String fname) {
}
return txt;
}

@ParameterizedTest
@CsvSource({"https://pub.orcid.org/v2.1/{ORCID}/person,/authenticate", "https://api.orcid.org/v2.0/{ORCID}/person,/read-limited"})
public void testPublicApiScope(String endpoint, String scope) {
// when
OrcidOAuth2AP provider = new OrcidOAuth2AP("clientId", "clientSecret", endpoint);
// then
assertEquals(scope, provider.getSpacedScope());
}

@Test
public void testParseUserResponse() {
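Review bot: `testPublicApiScope` only exercises `pub.orcid.org` and `api.orcid.org`; the provider also ships a sandbox id (`PROVIDER_ID_SANDBOX = "orcid-sandbox"`), so add rows for the sandbox hosts (`pub.sandbox.orcid.org` and `api.sandbox.orcid.org`) and a case for a null endpoint so that the `/read-limited` fallback is pinned down by a test rather than left accidental. The assertion also relies on `getSpacedScope()` returning the single scope unchanged; if a second scope is ever added, the expected column here must become the space-joined string.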
@@ -82,14 +95,14 @@ public void testExtractOrcid() throws OAuth2Exception {
assertEquals("0000-0001-2345-6789", sut.extractOrcidNumber(response));
}

@Test( expected=OAuth2Exception.class )
@Test
public void testExtractOrcidBad() throws OAuth2Exception {
// sample response from https://members.orcid.org/api/tutorial/read-orcid-records
String response = "{\"access_token\":\"f5af9f51-07e6-4332-8f1a-c0c11c1e3728\",\"token_type\":\"bearer\",\n" +
"\"refresh_token\":\"f725f747-3a65-49f6-a231-3e8944ce464d\",\"expires_in\":631138518,\n" +
"\"scope\":\"/read-limited\",\"name\":\"Sofia Garcia\"}";
OrcidOAuth2AP sut = new OrcidOAuth2AP("clientId", "clientSecret", "userEndpoint");
sut.extractOrcidNumber(response);
assertThrows(OAuth2Exception.class, () -> sut.extractOrcidNumber(response));
}

@Test
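Review bot: with the call moved inside the `assertThrows` lambda, `testExtractOrcidBad` no longer throws a checked exception itself, so the `throws OAuth2Exception` on the method signature is dead and should be removed. Consider also asserting on the returned exception (`OAuth2Exception ex = assertThrows(...)`) so the test confirms it fails for the missing `orcid` field and not for some other parse error.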