Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle unregistered users in BearerTokenAuthMechanism #10959

Open
GPortas opened this issue Oct 23, 2024 · 0 comments · May be fixed by #10972
Open

Handle unregistered users in BearerTokenAuthMechanism #10959

GPortas opened this issue Oct 23, 2024 · 0 comments · May be fixed by #10972
Assignees
Labels
FY25 Sprint 9 FY25 Sprint 9 (2024-10-23 - 2024-11-06) FY25 Sprint 10 FY25 Sprint 10 (2024-11-06 - 2024-11-20) GREI Re-arch Issues related to the GREI Dataverse rearchitecture Original size: 50 Size: 30 A percentage of a sprint. 21 hours. (formerly size:33) SPA.Q4.4 OIDC login + API authentication SPA These changes are required for the Dataverse SPA Type: Feature a feature request User Role: API User Makes use of APIs

Comments

@GPortas
Copy link
Contributor

GPortas commented Oct 23, 2024

Overview of the Feature Request

Based on the design implemented in the OIDC PoC for the SPA, we need to manage the case in BearerTokenAuthMechanism where there is no registered user account in Dataverse, even though the token is valid in the identity provider.

Different ways to handle this have been discussed, from creating the account transparently to the user to returning some type of response to the API caller indicating that it is necessary to accept the terms of use before registering. This issue therefore involves an initial phase of analysis before implementing the final solution.

In the PoC implemented, we are simply creating the user from the JWT claims if the user is not registered: #10910

What kind of user is the feature intended for?
SPA user / API user

What inspired the request?

What existing behavior do you want changed?

  • BearerTokenAuthMechanism when user is authenticated but no signed up

Any brand new behavior do you want to add to Dataverse?

  • BearerTokenAuthMechanism account creation

Any open or closed issues related to this feature request?

Are you thinking about creating a pull request for this feature?
Yes

@GPortas GPortas added Type: Feature a feature request SPA These changes are required for the Dataverse SPA GREI Re-arch Issues related to the GREI Dataverse rearchitecture Size: 50 A percentage of a sprint. 35 hours. Original size: 50 SPA.Q4.4 OIDC login + API authentication User Role: API User Makes use of APIs labels Oct 23, 2024
@GPortas GPortas added the FY25 Sprint 9 FY25 Sprint 9 (2024-10-23 - 2024-11-06) label Oct 23, 2024
@GPortas GPortas moved this to SPRINT READY in IQSS Dataverse Project Oct 23, 2024
@GPortas GPortas self-assigned this Oct 24, 2024
@GPortas GPortas added Size: 10 A percentage of a sprint. 7 hours. Size: 30 A percentage of a sprint. 21 hours. (formerly size:33) and removed Size: 50 A percentage of a sprint. 35 hours. Size: 10 A percentage of a sprint. 7 hours. labels Nov 7, 2024
@cmbz cmbz added the FY25 Sprint 10 FY25 Sprint 10 (2024-11-06 - 2024-11-20) label Nov 7, 2024
GPortas added a commit that referenced this issue Nov 11, 2024
GPortas added a commit that referenced this issue Nov 15, 2024
GPortas added a commit that referenced this issue Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
FY25 Sprint 9 FY25 Sprint 9 (2024-10-23 - 2024-11-06) FY25 Sprint 10 FY25 Sprint 10 (2024-11-06 - 2024-11-20) GREI Re-arch Issues related to the GREI Dataverse rearchitecture Original size: 50 Size: 30 A percentage of a sprint. 21 hours. (formerly size:33) SPA.Q4.4 OIDC login + API authentication SPA These changes are required for the Dataverse SPA Type: Feature a feature request User Role: API User Makes use of APIs
Projects
Status: No status
2 participants