Using OAUTH2 to authenticate with ORCID

[gmaze]

ORCID is used by the Argo community to populate netcdf files with operators information.
Ifremer is implementing access to the Argo-CTD reference database for DMQC by erddap with an ORCID authentification.
We therefore need to be able to authenticate users in argopy.

The expected API could look like this:

import argopy
argopy.authenticate(service='orcid', user=USER, password=PASSWORD)

or simply:

import argopy
argopy.authenticate()

After authentification, argopy will be able to send erddap requests with the user orcid id.
but I'm not sure this will be enough on the server side to determine user access right to the proected dataset.

[gmaze]

If anyone has an idea on how to do this or help do it, that would be great !

[gmaze]

More info:

• https://api.orcid.org/v3.0/
• https://info.orcid.org/ufaqs/how-does-3-legged-oauth-work/
• https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/
• https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/
• https://info.orcid.org/documentation/integration-guide/registering-a-member-api-client/
• https://info.orcid.org/documentation/integration-guide/customizing-the-sign-in-register-screen/

[leportella]

Hi :) I can try helping out on this one. Do we have this authenticate method today already? I couldn't find its definition in the repo. If not, how is the authetication done today? Thanks!

[gmaze]

hi @leportella
thanks for raising your hand on this !
Basically, right now, argopy has no authentication process at all, that's why you didn't found any

We come to face the issue of having to fetch protected data from a web server (Erddap Ifremer) that is using ORCID to login users.

we thought that if argopy could be authenticating users with orcid as well, then we could fetch these protected data.
but I'm not sure this would work at all, may be you have an idea about this ?

but in any case, I think it would be useful over the long run for argopy to be able to authenticate orcid users, because the orcid ID is more and more used by the Argo Data Management Team to populate some parameters of the Argo dataset (especially to document quality control procedure). So this would be helpful at some point

[leportella]

I talked briefly with @ocefpaf and I think that this problem is 2 different problems from what I can tell:

1. being able to authenticate in a session (be it in jupyter notebook or not) via something like argopy.authenticate
2. being able to signup and authenticate using OAUTH2 (social networks)

Ideally, we need to understand how to do 1 before doing 2. Does that make sense?

[gmaze]

this is on the verge of my knowledge !
I would have said that 2 can be used to make 1, and I see OAUTH2 to be more general that the specific social networks login

[gmaze]

Following discussions at https://github.com/BobSimons/erddap/issues/92 ...

I can share here a peace of code I had working this morning that allows to request the erddap and get access to protected data, considering a initial procedure we will need to do differently:

1. Go to the erddap webpage and login with orcid
2. Open the devtools and get the value of the cookie named JSESSIONID
3. Now you can send a request to the erddap using this cookie:

import aiohttp
import pandas as pd

url = 'https://erddap-val.ifremer.fr/erddap/info/index.json'
cookies = {'JSESSIONID': <COOKIEVALUE>}
async with aiohttp.ClientSession(cookies=cookies) as session:
    async with session.get(url) as resp:
        data = await resp.json()
df = pd.DataFrame(data['table']['rows'], columns=data['table']['columnNames'])
df = df[['Accessible', 'Dataset ID', 'Title']]
df

Accessible	Dataset ID	Title
public	allDatasets	* The List of All Active Datasets in this ERDD...
yes	Argo-ref-ctd	CTD Reference Measurements
public	Argo-ref-ctd-public	CTD Reference Measurements

So I guess, we are now left with the difficulty of getting this cooky automatically

[github-actions]

This issue was marked as staled automatically because it has not seen any activity in 90 days

[gmaze]

Closing this issue because such authentication is no longer required