500 error when logging in with ORCID

[craig-willis]

When I try to login via ORCID on prod, test, and dev I get a 500 error. Oddly, on dashboard.stage.wholetale.org I don't get the 500. I also don't see it when logging in via globus.org directly.

To Repeat

• Open private/incognito session
• https://dashboard.wholetale.org > Access Whole Tale (or https://dashboard.test.wholetale.org)
• Sign in with ORCID

Likely related to https://github.com/whole-tale/girder_wholetale/issues/459

[Xarthisius]

It happens with https://github.com/whole-tale/girder_wholetale/blob/ea292887d799429a24a693ebdd12450b893da402/server/lib/deriva/auth.py#L8

and ftr:

https://github.com/whole-tale/girder_wholetale/blob/ea292887d799429a24a693ebdd12450b893da402/server/constants.py#L17-L18

Commenting this line out let's me log in with Globus + ORCID. If I bring it back I get the reported 500.

[craig-willis]

This is happening again for me on local.

As before, commenting out Globus.addScopes for DERIVA resolves it, but this time there are no duplicate scopes:

In [2]: Globus._AUTH_SCOPES
Out[2]:
['urn:globus:auth:scope:auth.globus.org:view_identities',
 'openid',
 'profile',
 'email',
 'urn:globus:auth:scope:transfer.api.globus.org:all',
 'https://auth.globus.org/scopes/a77ee64a-fb7f-11e5-810e-8c705ad34f60/deriva_all']

[Xarthisius]

I don't think we need 'urn:globus:auth:scope:auth.globus.org:view_identities', nor openid and profile. We could try dropping them instead of deriva.

[craig-willis]

Encountered this again while testing v1.2rc1 on staging:

https://girder.stage.wholetale.org/api/v1/integration/zenodo?doi=10.5072%2Fzenodo.1021503&resource_server=sandbox.zenodo.org

Logging in via ORCID results in 500 error again because the state is too large (2031 characters). The request does include the full URL, but this indicates that any integration has the potential to fail because of the limit.