qiita icon indicating copy to clipboard operation
qiita copied to clipboard

Published 20 hours ago verified publisher icon qiita-spots

Switch to Globus Auth authentication

Open lukaszlacinski opened this issue 5 years ago • 4 comments

The pull request replaces local authentication with the Globus Auth IdP. It still uses the same User model which contains username, name, password, affiliation, address, phone but the information is obtained from Globus Auth. Globus Auth provides a sub (OIDC subject which is a unique UUID in this case), preferred_username, name, organization, email. The following Globus information is mapped to the Qiita User fields: preferred_username -> username, name -> name, organization -> affiliation. The GlobusOAuth2LoginHandler also exchanges an OAuth2 authorization code to access/refresh tokens that can be used to submit file transfers, etc.

lukaszlacinski avatar Aug 08 '19 18:08 lukaszlacinski

  • Once you login, you end in the page below; not sure why but if I go back to the main page I can see that I'm logged in: Screen Shot 2019-08-08 at 2 26 18 PM

It has been fixed.

  • The login doesn't show my UCSD email but the globus ID (I think), is that expected? Screen Shot 2019-08-08 at 2 26 31 PM

Qiita uses email addresses as usernames. Globus does not. In effect, you see your Globus username, you used to log into Globus as a Qiita username, instead of your email address you were asked to provide when you were creating your Globus account. Probably, User model needs to bve migrated to add an email field. For the existing users, the email field will be the same as their usernames. For new users when Globus authentication is in place, emails and usernames will be different.

lukaszlacinski avatar Aug 09 '19 03:08 lukaszlacinski

@lukaszlacinski apologies for the radio silence, but we were wondering if instead of replacing the current authentication system with Globus' we could allow users to link their existing Qiita accounts with a Globus account. This way existing users can augment their existing capabilities. In addition users who don't need to use Globus wouldn't have to create a Globus account.

ElDeveloper avatar Jan 16 '21 02:01 ElDeveloper

@ElDeveloper this may be possible. Ideally we'd be able to set it up so new users use Globus, but existing users can do the linking. Do you want to set up a call and have a short chat about how it would work? I'm back at UCSD so I can only ask Lukasz or others in Globus if they have the time or capacity to work on this. If we can define the use case that makes the request clearer.

rpwagner avatar Jan 20 '21 20:01 rpwagner

Very exciting, sure let's discuss this in more detail.

ElDeveloper avatar Jan 27 '21 22:01 ElDeveloper