Overview of the Feature Request
Based on the design implemented in the OIDC PoC for the SPA, we need to manage the case in BearerTokenAuthMechanism where there is no registered user account in Dataverse, even though the token is valid in the identity provider.
Different ways to handle this have been discussed, from creating the account transparently to the user to returning some type of response to the API caller indicating that it is necessary to accept the terms of use before registering. This issue therefore involves an initial phase of analysis before implementing the final solution.
In the PoC implemented, we are simply creating the user from the JWT claims if the user is not registered: https://github.com/IQSS/dataverse/pull/10910
What kind of user is the feature intended for? SPA user / API user
What inspired the request?
What existing behavior do you want changed?
Any brand new behavior do you want to add to Dataverse?
Any open or closed issues related to this feature request?
Are you thinking about creating a pull request for this feature?
Yes
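The two options discussed above (creating the account transparently, or asking the caller to accept the terms of use first) modelled as an added example; this is not code from Dataverse or from the linked PR. All class, record and enum names are hypothetical, the token is assumed to have been validated against the identity provider already, and the claim values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical, none is Dataverse's API.
public class MissingAccountDemo {
    // Claims of a bearer token whose signature, issuer, audience and expiry
    // were already checked before this code runs (assumption).
    record Claims(String issuer, String subject, String email, String name) {}
    record User(String id, String email, String name) {}
    enum Outcome { AUTHENTICATED, ACCOUNT_CREATED, TERMS_OF_USE_REQUIRED }
    // What the auth mechanism hands back to the API layer.
    record Result(Outcome outcome, User user) {}
    enum Policy { CREATE_TRANSPARENTLY, REQUIRE_TERMS_OF_USE }

    private final Map<String, User> accounts = new HashMap<>();
    private final Policy policy;

    MissingAccountDemo(Policy policy) { this.policy = policy; }

    // Key accounts on issuer + subject: in OIDC the subject is only unique
    // within its issuer, and an email claim can change or be reused.
    private static String key(Claims c) { return c.issuer() + "|" + c.subject(); }

    Result authenticate(Claims c, boolean termsAccepted) {
        User known = accounts.get(key(c));
        if (known != null) return new Result(Outcome.AUTHENTICATED, known);
        if (policy == Policy.REQUIRE_TERMS_OF_USE && !termsAccepted) {
            // Valid token but no account: write nothing, report what is missing.
            return new Result(Outcome.TERMS_OF_USE_REQUIRED, null);
        }
        User created = new User(key(c), c.email(), c.name());
        accounts.put(created.id(), created);
        return new Result(Outcome.ACCOUNT_CREATED, created);
    }

    public static void main(String[] args) {
        // Constructed sample claims.
        Claims c = new Claims("https://idp.example", "abc-123", "user@example.org", "Sample User");
        MissingAccountDemo open = new MissingAccountDemo(Policy.CREATE_TRANSPARENTLY);
        System.out.println(open.authenticate(c, false).outcome());  // first call for this subject
        System.out.println(open.authenticate(c, false).outcome());  // same subject again
        MissingAccountDemo gated = new MissingAccountDemo(Policy.REQUIRE_TERMS_OF_USE);
        System.out.println(gated.authenticate(c, false).outcome()); // terms not yet accepted
        System.out.println(gated.authenticate(c, true).outcome());  // terms accepted
    }
}
```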