Documentation around setting up SSO is limited. In addition to the docs themselves, it is largely found in config.py .
I assume the starting point for writing the current SSO integration config was taken here from config.py. The current approach passes consumer_key and consumer_secret directly to Flask-OAuthLib whereas Invenio prefers to use lazy loading via config app_key .
The invenio-oauthclient module makes one reference to the app_key in configuration for remote apps in a wrapper around the disconnect_handler. This only comes into play when a user tries to disconnect a remote app (an SSO service) from his account. As local logins won't be enabled, this situation can't arise as long as Imperial SSO is the only configured SSO service and as long as a user isn't created before an SSO login occurs.
I've put in a PR for the invenio-oauthclient here.
Developer Checklist
Developers should review and confirm each of these items before requesting review
[ ] Code meets acceptance criteria from issue
[ ] Unit tests are written and all pass
[ ] User Test Scripts (if required) are written and have been run through
[ ] Code documentation and related non-code documentation has all been updated
Reviewer Checklist
Reviewers should review and confirm each of these items before approvalIf there are multiple reviewers, this section can be duplicated for each reviewer
[ ] Code meets acceptance criteria from issue
[ ] Unit tests are written and all pass
[ ] User Test Scripts (if required) are written and have been run through
[ ] Code documentation and related non-code documentation has all been updated
[ ] Migation has been created and tested
Testing
List user test scripts that need to be run
List any non-unit test scripts that need to be run
Documentation around setting up SSO is limited. In addition to the docs themselves, it is largely found in config.py .
I assume the starting point for writing the current SSO integration config was taken here from config.py. The current approach passes
consumer_key
andconsumer_secret
directly to Flask-OAuthLib whereas Invenio prefers to use lazy loading via configapp_key
.The invenio-oauthclient module makes one reference to the
app_key
in configuration for remote apps in a wrapper around the disconnect_handler. This only comes into play when a user tries to disconnect a remote app (an SSO service) from his account. As local logins won't be enabled, this situation can't arise as long as Imperial SSO is the only configured SSO service and as long as a user isn't created before an SSO login occurs.I've put in a PR for the invenio-oauthclient here.
Developer Checklist
Developers should review and confirm each of these items before requesting review
Reviewer Checklist
Reviewers should review and confirm each of these items before approval If there are multiple reviewers, this section can be duplicated for each reviewer
Testing
List user test scripts that need to be run
List any non-unit test scripts that need to be run