Onboarding - SF connection/authentication

[johnml1135]

One of the key things that the onboarding app needs are the source texts available to the Scripture Forge user from Paratext. Currently, this is a manual, copy/paste, time intensive process that can be combersome and error prone. One solution to this would be something like this:

• Assumed: the onboarding app is in streamlit with the clowder and SILNLP back-end
• Objective: minimum friction of getting SF source data into clowder
• Architecture:
  • The Clowder onboarding app uses the SF authentication token to access SF data
  • New endpoints are added to SF to enable the needed data to be exposed
  • Authentication token has scoped permissions to only access desired data
  • (optional) Clowder is able to push some data back to Scripture Forge, such as the final configuration
• Workflow:
  • A serval-admin in Scripture Forge goes to the Serval admin page
  • There is a link to the "onboarding app" that a person clicks
  • That link (somehow) includes both a link to the onboarding app and the authentication needed to access SF data
  • Users do work in the onboarding app (they have to access this app through Scripture Forge - unless it is also stored in the browser between sessions?)
  • When complete, the user pushes the desired configuration back to SF
  • The user then clicks a link to return to SF

Main questions/concerns:

• What authentication technology should we use? Can it preserve status between browser sessions? Should it? Would authentication be per user or per project? Would all the authentication data be able to be stored in the browser itself? Would we still need a Google drive, etc? Would users have an identity in the onboarding app separate or the same as the SF identity? Would we want to just use the Paratext identity or just grab information from Paratext directly?
• How much work would need to be done in SF to enable this? Which endpoints would be needed?
• Is there a better architecture for this?