Using OAUTH2 to authenticate with ORCID

gmaze commented 1 year ago

ORCID is used by the Argo community to populate netcdf files with operators information. Ifremer is implementing access to the Argo-CTD reference database for DMQC by erddap with an ORCID authentification. We therefore need to be able to authenticate users in argopy.

The expected API could look like this:

import argopy
argopy.authenticate(service='orcid', user=USER, password=PASSWORD)

or simply:

import argopy
argopy.authenticate()

After authentification, argopy will be able to send erddap requests with the user orcid id. but I'm not sure this will be enough on the server side to determine user access right to the proected dataset.

gmaze commented 1 year ago

If anyone has an idea on how to do this or help do it, that would be great !

gmaze commented 1 year ago

More info:

leportella commented 1 year ago

Hi :) I can try helping out on this one. Do we have this authenticate method today already? I couldn't find its definition in the repo. If not, how is the authetication done today? Thanks!

gmaze commented 1 year ago

hi @leportella thanks for raising your hand on this ! Basically, right now, argopy has no authentication process at all, that's why you didn't found any

We come to face the issue of having to fetch protected data from a web server (Erddap Ifremer) that is using ORCID to login users.

we thought that if argopy could be authenticating users with orcid as well, then we could fetch these protected data. but I'm not sure this would work at all, may be you have an idea about this ?

but in any case, I think it would be useful over the long run for argopy to be able to authenticate orcid users, because the orcid ID is more and more used by the Argo Data Management Team to populate some parameters of the Argo dataset (especially to document quality control procedure). So this would be helpful at some point

leportella commented 1 year ago

I talked briefly with @ocefpaf and I think that this problem is 2 different problems from what I can tell:

1) being able to authenticate in a session (be it in jupyter notebook or not) via something like argopy.authenticate 2) being able to signup and authenticate using OAUTH2 (social networks)

Ideally, we need to understand how to do 1 before doing 2. Does that make sense?

gmaze commented 1 year ago

this is on the verge of my knowledge ! I would have said that 2 can be used to make 1, and I see OAUTH2 to be more general that the specific social networks login

gmaze commented 1 year ago

Following discussions at https://github.com/BobSimons/erddap/issues/92 ...

I can share here a peace of code I had working this morning that allows to request the erddap and get access to protected data, considering a initial procedure we will need to do differently:

Go to the erddap webpage and login with orcid
Open the devtools and get the value of the cookie named JSESSIONID
Now you can send a request to the erddap using this cookie:
```
import aiohttp
import pandas as pd
```

url = 'https://erddap-val.ifremer.fr/erddap/info/index.json' cookies = {'JSESSIONID': } async with aiohttp.ClientSession(cookies=cookies) as session: async with session.get(url) as resp: data = await resp.json() df = pd.DataFrame(data['table']['rows'], columns=data['table']['columnNames']) df = df[['Accessible', 'Dataset ID', 'Title']] df


Accessible | Dataset ID | Title
-- | -- | --
public | allDatasets | * The List of All Active Datasets in this ERDD...
yes | Argo-ref-ctd | CTD Reference Measurements
public | Argo-ref-ctd-public | CTD Reference Measurements

So I guess, we are now left with the difficulty of getting this cooky automatically

github-actions[bot] commented 1 year ago

This issue was marked as staled automatically because it has not seen any activity in 90 days

gmaze commented 11 months ago

Closing this issue because such authentication is no longer required

euroargodev / argopy

Using OAUTH2 to authenticate with ORCID #243