global: explicitly set and use hide attribute for config

[rekt-hard]

:heart: Thank you for your contribution!

Description

A hide attribute is accessed at some places within the existing code already. These changes will explicitly set this attribute and use it in other places in the code as well. This will allow to hide login with an external account, while at the same time, allow to link an external account in the profile view.

Per default, hide will evaluate to False in order to be compliant with the current logic.

Example config:

def anon_user():
    return not current_user.is_authenticated

helper = k.KeycloakSettingsHelper(
    title="Local KeyCloak",
    description="My organization authentication provider",
    base_url="http://localhost:8087",
    realm="damap",
    # hide_when=anon_user
)

OAUTHCLIENT_REMOTE_APPS = dict(
    orcid={
        **orcid.REMOTE_APP,
        "hide": LocalProxy(lambda: anon_user()),
    },
    keycloak={
        **helper.remote_app,
    },
)

Login only via local keycloak:

Linking of accounts with ORCID also possible:

Checklist

Ticks in all boxes and 🟢 on all GitHub actions status checks are required to merge:

• [ ] I'm aware of the code of conduct.
• [ ] I've created logical separate commits and followed the commit message format.
• [ ] I've added relevant test cases.
• [ ] I've added relevant documentation.
• [ ] I've marked translation strings (for relevant code).
• [ ] I've followed the CSS/JS and React guidelines (for relevant code).
• [ ] I've followed the web accessibility guidelines (for relevant code).
• [ ] I've followed the user interface guidelines (for relevant code).
• [ ] I've identified the copyright holder(s) and updated copyright headers for touched files (>15 lines contributions).
• [ ] I've NOT included third-party code (copy/pasted source code or new dependencies).

Third-party code

If you've added third-party code (copy/pasted or new dependencies), please reach out to an architect.

Reminder

By using GitHub, you have already agreed to the GitHub’s Terms of Service including that:

1. You license your contribution under the same terms as the current repository’s license.
2. You agree that you have the right to license your contribution under the current repository’s license.

[max-moser]

@rekt-hard suggested disabling the /oauth/<remote-app>/ endpoint if the hide config for <remote-app> evaluates to True. Otherwise, users can still use that OP to authenticate, even if it's hidden. I'll merge this PR once that functionality is added.

For dynamic cases (e.g. only allow a given OP for linking but not registering), see the example configuration.