This change has introduced a bug for lightweight accounts. CERN lightweight accounts do not have have a uidNumber, so when logging in you get a stack trace on external_id:
KeyError: 'uidNumber'
invenio_oauthclient/contrib/cern.py in account_info at line 262
def account_info(remote, resp):
"""Retrieve remote account information used to find local user."""
resource = get_resource(remote)
email = resource['EmailAddress'][0]
external_id = resource['uidNumber'][0]
Click to see an example of a login with a lightweight CERN account
This change has introduced a bug for lightweight accounts. CERN lightweight accounts do not have have a
uidNumber
, so when logging in you get a stack trace onexternal_id
:KeyError: 'uidNumber'
Click to see an example of a login with a lightweight CERN account
``` [ { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "Value": "@gmail.com"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
"Value": "@gmail.com"
},
{
"Type": "http://schemas.xmlsoap.org/claims/UPN",
"Value": "@gmail.com"
},
{
"Type": "http://schemas.xmlsoap.org/claims/EmailAddress",
"Value": "@gmail.com"
},
{
"Type": "http://schemas.xmlsoap.org/claims/CommonName",
"Value": "j34hwtjhtg54g64j646g4"
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
"Value": "CERN Externals"
},
{
"Type": "http://schemas.xmlsoap.org/claims/DisplayName",
"Value": "@gmail.com"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"Value": "@gmail.com"
},
{ "Type": "http://schemas.xmlsoap.org/claims/PersonID", "Value": "-3243534" },
{
"Type": "http://schemas.xmlsoap.org/claims/IdentityClass",
"Value": "Unverified External"
},
{ "Type": "http://schemas.xmlsoap.org/claims/Federation", "Value": "CERN" },
{ "Type": "http://schemas.xmlsoap.org/claims/AuthLevel", "Value": "Normal" },
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
"Value": "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password"
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant",
"Value": "2018-10-19T13:53:34.834Z"
},
{ "Type": "urn:oauth:scope", "Value": "all" },
{
"Type": "http://schemas.xmlsoap.org/claims/Group",
"Value": "All Exchange People"
}
]
```
Click to see an example of a login with a normal CERN account
``` [ { "Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "Value": "@cern.ch"
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
"Value": "@cern.ch"
},
{
"Type": "http://schemas.xmlsoap.org/claims/UPN",
"Value": "@cern.ch"
},
{
"Type": "http://schemas.xmlsoap.org/claims/EmailAddress",
"Value": "@cern.ch"
},
{
"Type": "http://schemas.xmlsoap.org/claims/CommonName",
"Value": ""
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
"Value": "CERN Users"
},
{
"Type": "http://schemas.xmlsoap.org/claims/DisplayName",
"Value": ""
},
{
"Type": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
"Value": ""
},
{ "Type": "http://schemas.xmlsoap.org/claims/Building", "Value": "" },
{ "Type": "http://schemas.xmlsoap.org/claims/Firstname", "Value": "" },
{ "Type": "http://schemas.xmlsoap.org/claims/Lastname", "Value": "" },
{ "Type": "http://schemas.xmlsoap.org/claims/Department", "Value": "" },
{
"Type": "http://schemas.xmlsoap.org/claims/HomeInstitute",
"Value": "CERN"
},
{ "Type": "http://schemas.xmlsoap.org/claims/PersonID", "Value": "" },
{ "Type": "http://schemas.xmlsoap.org/claims/uidNumber", "Value": "" },
{ "Type": "http://schemas.xmlsoap.org/claims/gidNumber", "Value": "" },
{
"Type": "http://schemas.xmlsoap.org/claims/PreferredLanguage",
"Value": "EN"
},
{
"Type": "http://schemas.xmlsoap.org/claims/IdentityClass",
"Value": "CERN Registered"
},
{ "Type": "http://schemas.xmlsoap.org/claims/Federation", "Value": "CERN" },
{ "Type": "http://schemas.xmlsoap.org/claims/AuthLevel", "Value": "Normal" },
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
"Value": "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password"
},
{
"Type": "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant",
"Value": "2018-10-19T12:41:25.214Z"
},
{ "Type": "urn:oauth:scope", "Value": "all" },
{
"Type": "http://schemas.xmlsoap.org/claims/Group",
"Value": "All Exchange People"
},
... List of e-groups here ...
]
```
This is causing a 500 Internal Server Error.