Closed craig-willis closed 3 years ago
What we can do instead is treat DataONE's JWT as an API key similarly to what we do for Zenodo / Dataverse. We would need to tell user to manually go to https://cn.dataone.org/portal/token and copy and paste what they see there (which is JWT).
That sounds like the best option to me. This way the UI treats all repositories the same, it's just a little more complicated for the user to retrieve the DataONE "key".
We were aware this was going to happen soon in browsers, and we plan to make changes to no longer require or use a 3rd party cookie, in favor of using JWT with oauth refresh tokens. That will take some work though, and so I think your plan sounds good for the time being.
Problem
Our strategy for authenticating with DataONE requires browser support for third party cookies. As of April, Chrome is no longer supporting third party cookies by default. This means that publishing to DataONE will not work until this problem is resolved, which will likely require changes to the auth process on the DataONE side, or if the user changes the browser setting.
Steps to Reproduce
access_token
Expected Results
Connect to D1 should get a valid token for the user using default browser settings
Actual Results
Connect to D1 fails
Workaround To publish to DataONE, user must enable third-party cookies