oauth: adds contrib CERN openid

Signed-off-by: pamfilos <[email protected]>
cernanalysispreservation · Oct 16, 2024 · 26571d2 · 26571d2
1 parent 064601e
commit 26571d2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/cap/config.py b/cap/config.py
@@ -21,6 +21,7 @@
 from invenio_deposit.scopes import write_scope
 from invenio_deposit.utils import check_oauth2_scope
 from invenio_oauthclient.contrib.cern import REMOTE_APP as CERN_REMOTE_APP
+from invenio_oauthclient.contrib.cern_openid import REMOTE_APP as CERN_OPENID_REMOTE_APP
 from invenio_records_rest.config import RECORDS_REST_ENDPOINTS
 from invenio_records_rest.facets import range_filter, terms_filter
 from invenio_records_rest.utils import allow_all, deny_all
@@ -620,6 +621,11 @@ def _(x):
     'consumer_secret': os.environ.get('INVENIO_CERN_APP_CREDENTIALS_SECRET'),
 }
 
+CERN_APP_OPENID_CREDENTIALS = {
+    'consumer_key': os.environ.get('INVENIO_CERN_APP_OPENID_CREDENTIALS_KEY'),
+    'consumer_secret': os.environ.get('INVENIO_CERN_APP_OPENID_CREDENTIALS_SECRET'),
+}
+
 # Update CERN OAuth handlers - due to REST - mostly only redirect urls
 # and error flashing
 CERN_REMOTE_APP.update(
@@ -629,16 +635,24 @@ def _(x):
     )
 )
 
+CERN_OPENID_REMOTE_APP["params"].update(dict(request_token_params={
+           "scope": "openid profile email cern-login-info offline_access",
+       }))
+
 CERN_REMOTE_APP['signup_handler']['view'] = signup_handler
 
 #: Defintion of OAuth client applications.
 OAUTHCLIENT_REMOTE_APPS = dict(
     cern=CERN_REMOTE_APP,
+    cern_openid=CERN_OPENID_REMOTE_APP
 )
 #: Serializer for extracting `extra_data` from invenio-oauthclient
 OAUTHCLIENT_CERN_EXTRA_DATA_SERIALIZER = oauth_extra_data_serializer
 OAUTHCLIENT_CERN_REFRESH_TIMEDELTA = timedelta(minutes=-10)
 
+# OAUTHCLIENT_CERN_OPENID_EXTRA_DATA_SERIALIZER = oauth_extra_data_serializer
+OAUTHCLIENT_CERN_OPENID_REFRESH_TIMEDELTA = timedelta(minutes=-10)
+OAUTHCLIENT_CERN_OPENID_ALLOWED_ROLES =  ["cern_user", "default-role"]
 #: Defintion of OAuth/Auth client template.
 AUTHENTICATION_POPUP_TEMPLATE = 'auth/authentication_popup.html'
 AUTHENTICATION_POPUP__NO_REDIRECT_TEMPLATE = (

diff --git a/ui/cap-react/src/antd/partials/Header/Menu/Menu.js b/ui/cap-react/src/antd/partials/Header/Menu/Menu.js
@@ -17,8 +17,8 @@ const SimpleMenu = ({
 
   let oauthLink =
     process.env.NODE_ENV === "development"
-      ? `/oauth/login/cern?next=/`
-      : `/api/oauth/login/cern?next=/`;
+      ? `/oauth/login/cern_openid?next=/`
+      : `/api/oauth/login/cern_openid?next=/`;
 
   const menuItems = [
     { key: "home", label: <a href="#home">Home</a> },
@@ -28,14 +28,7 @@ const SimpleMenu = ({
     { key: "documentation", label: <a href="#documentation">Documentation</a> },
     {
       key: "login",
-      label: (
-        <OauthPopup
-          url={oauthLink}
-          loginCallBack={() => initCurrentUser(location.state.next)}
-        >
-          <Button type="primary">Log In</Button>
-        </OauthPopup>
-      ),
+      label: <Button type="primary" href={oauthLink}>Login</Button>
     },
   ];