Implement OAUTH authentication with ORCIDs

[matentzn]

The user has to authenticated before they are able to use the application. The user is redirected to ORCID for authentication. The users ORCID can be retrieved using the API and is used for KB internal access rights.

[matentzn]

@Robbie1977 Is this correct:

1. New user tries accessing the API. API says: please provide a valid access token; got to ui.data-ingest.virtualflybrain.org to register.
2. User registers on data ingest UI, using OAUTH redirected to ORCID oauth (vfb is registered as an app there)
3. We try to somehow obtain the ORCID from the user object (this may require another call to the api)
4. We redirect the user to an overview page that shows registered projects; we allow the creation of registering datasets here in the UI. User registers dataset.
5. We give the user an access token for any dataset they had registered (aka a kind of password).
6. The user can go to the vfb-image server and upload data using that token.

Does this sound right?

[matentzn]

My suggestion is this: For now (not forever), we

• allow project registration only via email
• allow dataset registration only via UI
• allow neuron/image metadata management via UI and API.