1095 distinguish openid providers

[cmeessen]

Distinguish between login and coupling auth providers

Fixes #1095 #1097

Changes proposed in this pull request:

• Distinguish between auth providers used for login and for account coupling. This allows couple an ORCID account to an RSD account without having to allow ORCID login simultaneously
• :exclamation: This PR adds a new environment variable RSD_AUTH_COUPLE_PROVIDERS
• contains minor fix: removed the port mapping for the frontend dev mode because this was not necessary

How to test:

• in .env, set:

  RSD_AUTH_PROVIDERS="SURFCONEXT;LOCAL"
  RSD_AUTH_COUPLE_PROVIDERS=ORCID

• docker compose build --parallel && docker compose up --scale scrapers=0
• open login dialogue and verify that providers are Surf and Local only
• login
• navigate to user profile and link an ORCID account to the rsd account
• docker compose down
• add ORCID to RSD_AUTH_PROVIDERS and repeat previous steps. Verify that ORCID login works
• docker compose down
• in .env, comment out RSD_AUTH_COUPLE_PROVIDERS, or set it to something else than ORCID
• launch RSD and verify that ORCID login works but coupling button is not shown
• open the user documentation http://localhost/documentation/rsd-instance/configurations/ and check for updated content about the ORCID integration

PR Checklist:

• [ ] Increase version numbers in docker-compose.yml
• [x] Link to a GitHub issue
• [x] Update documentation
• [ ] Tests

[cmeessen]

Waiting for #1103 to be closed by @ewan-escience

[ewan-escience]

It is also good to note that when ORCID login is disabled and ORCID coupling is enabled, when an ORCID is coupled, this ORCID is still added to the login allow list.

[cmeessen]

It is also good to note that when ORCID login is disabled and ORCID coupling is enabled, when an ORCID is coupled, this ORCID is still added to the login allow list.

I added a warning about this into the documentation, and also split it up into sections for common variables, coupling and authentication respectively. Could you please double check whether all common variables are mentioned correctly?

[ewan-escience]

Could you please double check whether all common variables are mentioned correctly?

Everything seems to be there. You used as exampleORCID_REDIRECT_COUPLE=http://YOUR-RSD-DOMAIN/auth/couple/orcid, maybe you can also use YOUR-RSD-DOMAIN for ORCID_REDIRECT.

[sonarcloud[bot]]

Quality Gate passed for 'authentication'

Issues
0 New issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[sonarcloud[bot]]

Quality Gate passed for 'rsd-frontend'

Issues
0 New issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[cmeessen]

You used as example ORCID_REDIRECT_COUPLE=http://YOUR-RSD-DOMAIN/auth/couple/orcid, maybe you can also use YOUR-RSD-DOMAIN for ORCID_REDIRECT.

I replaced it with the same values as in .env.example to be consistent here, and added a note at the top of the document to replace localhost with the corresponding RSD domain.