hepdata
hepdata copied to clipboard
accounts: phase out local login with email and password
The method of logging in with an email address and local password via invenio-accounts
is less secure than using ORCID/CERN login, so it would be good if it could eventually be phased out. At the moment, there are a number of obstacles that would need to be overcome:
- Some accounts (especially, Coordinators) use a group email address with a shared local password, so these accounts cannot easily be mapped to a personal ORCID/CERN login. For group email addresses corresponding to CERN e-groups, it would be necessary to associate a personal CERN login with e-group membership. However, a personal CERN login could be associated with multiple CERN e-groups, possibly each having a separate HEPData account. A user may already be using a personal CERN login for their personal HEPData account distinct from a Coordinator account.
- The
hepdata-cli
tool requires a local password for uploads and it does not currently work with ORCID/CERN login (HEPData/hepdata-cli#5), which seems complicated to implement. - Testing and local development is simple with an email address and local password. This would be complicated if ORCID/CERN login was required.