Implement OpenID Connect/OAuth to login using ORCID
vemonet opened this issue · 0 comments
Is your feature request related to a problem? Please describe.
When we want to create resources in a FAIR Data Point we need to create an account in this FAIR Data Point. With a specific email/password combination
It causes users to create a new "online identity" just for this FDP, based on the email.
Describe the solution you'd like
Connect with an external OAuth provider / OpenID Connect. Such as ORCID (really popular among researchers, already used by a lot of application as a "FAIR online identity"
You could also allow connection through Google or github, etc
It would be much better for the quality of the data people are putting in the FAIR Data Point. Because you will be able to automatically add the creator of the resource using the logged user ORCID. It will make the resources more FAIR. And your service will be more modern
For the deployment of a new FDP the person who deploy it can easily go to https://orcid.org/developer-tools and add the redirect URLs. You'll just need to add some doc to explain them how to do it (it is really easy)
Describe alternatives you've considered
You could also allow connection through Google or github, additionally to ORCID
And enable the person who deploy the FDP to choose between OpenID/OAuth or the default old school user database
Additional context
No one on the web does private user database anymore! All serious applications use external OpenID/OAuth providers nowadays, apart from the external OAuth providers themselves of course. Especially that FDP is about web standards, so that will make sense to actually use them! And personally I tend to not trust application not using OAuth authenticator (and I am probably not the only one), and I am tired to have 100 different online accounts with as many chances to get hacked)
It is really easy to implement, especially on Java since I guess you are using the Spring framework. It is actually easier to implement than to have to implement and maintain the complete user database from scratch (FAIR: Reuse)
You can find examples on how to implement OpenID Connect for ORCID: https://github.com/ORCID/orcid-openid-examples
Once you have implemented it you will be able to use it in all your other applications, they will look much more modern, it will be safer for your users, and easier for your user! Everyone wins!