Time
S
Nick
Message
00:19 rigelk joined #dataverse
01:51 nils`` joined #dataverse
08:17 jri joined #dataverse
08:28 poikilotherm joined #dataverse
08:32 poikilotherm joined #dataverse
10:49 pdurbin
poikilotherm: mornin'. How's the OIDC stuff going? And would you be able to summarize our decided approach in an issue somewhere?
10:55 poikilotherm
Morning! Happy Halloween :-)
10:55 poikilotherm
Oh I definitely need to describe more than that...
10:56 poikilotherm
After digging more into the code, I asked myself "what about refactoring the whole thing" so I can really reuse the current infrastructure, frontend etc, but have backends for both types
11:12 poikilotherm
MAybe we should discuss this again in a VC?
11:13 poikilotherm
Before writing an issue/coding?
11:14 pdurbin
poikilotherm: sure! I'm still at home though. Have coffee. Need breakfast.
11:14 poikilotherm
<sarcasm>You need that?</sarcasm>
11:15 pdurbin
:)
11:15 pdurbin
It's supposed to rain tonight. Cold rain for the trick or treaters. :(
11:16 poikilotherm
We have sunny weather, but cold already... ~3°C
11:16 poikilotherm
Had ice on my cat this morning...
11:16 poikilotherm
s/cat/car/
11:16 pdurbin
Hmm, I guess this means Hacktoberfest is almost over. Are you planning on posting to that thread with a summary? Or any conclusions?
11:47 pdurbin
Should we participate again next year? That sort of thing. :)
12:19 donsizemore joined #dataverse
12:19 donsizemore
@poikilotherm 23°C was our low this morning. come visit!
12:27 poikilotherm
pdurbin: done
12:27 poikilotherm
donsizemore: Oh yeah. That sounds fancy.
12:46 pdurbin
poikilotherm: I'm at my desk and I'd say we'd have at least 15 minutes before my officemates appear. Want to do another zoom?
12:46 poikilotherm
Sure :-)
12:47 pdurbin
Anyone who wants to talk about auth is welcome to join.
12:48 poikilotherm
https://zoom.us/j/112726829?pwd=d2hWZzIzNmJoQW1ZMnJnMDI5LzZEdz09
13:17 donsizemore
@poikilotherm i'm all for cilogon! quick q:
13:17 pdurbin
"smallest diff possible"
13:17 poikilotherm
Thx for joining :-)
13:17 poikilotherm
donsizemore was that your real background in the office or do you have a nice greenscreen?
13:17 donsizemore
if there were existing principals from say shibboleth and/or existing oauth2, would they see any change should the provider switch to cilogon?
13:18 poikilotherm
Sorry donsizemore, but I'm not sure I understand your question...
13:19 donsizemore
@poikilotherm that was "garden party" (christopher robin has all his stuffed animals set up for pooh's birthday). zoom only displays moving objects
13:19 donsizemore
so, i'm on a project at renci, which uses cilogon. choose my university, i get sent to my university's sso (shibboleth)
13:19 donsizemore
and our dataverse has a ton of existing shibboleth users; we've been federated since 2016)
13:20 poikilotherm
cilogon is using Oauth2 or shib integration?
13:20 donsizemore
in theory the principle should be the same if the login method changes?
13:23 poikilotherm
Don if you want we can do a VC, too
13:23 poikilotherm
Because I think I got it, but it might be all wrong
13:27 poikilotherm
I really hope to have it right: are you asking for if people could login via OAuth2 and have the same user account as they used when login via Shibboleth?
13:28 donsizemore
i'm basically asking about principles and auth methods. for instance krb, ldap and ad here would all share the same numeric uid
13:28 donsizemore
and wondering what if anything would need to happen account conversion-wise should we switch to cilogon (which i would love to do)
13:31 poikilotherm
Is CILogin using OAuth2?
13:32 poikilotherm
Because when you want to reuse the existing accounts, you will have to make sure, the ID matches
13:33 poikilotherm
For Shibboleth, it's always going like that: http://github.com/poikilotherm/dataverse/blob/master/src/main/java/edu/harvard/iq/dataverse/Shib.java#L216-L218
13:34 poikilotherm
For Oauth2, it's http://github.com/poikilotherm/dataverse/blob/master/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/OAuth2LoginBackingBean.java#L109-L110
13:34 donsizemore
what i mean. if the principle matches, we should be good?
13:34 poikilotherm
with "principle" you mean the "eppn" attributes?
13:35 poikilotherm
Because that's not gonna happen - OAuth2 uses the "id" fields from the auth provider. If those matches to be like the persistent id crafted for shib users, you would be good.
13:35 poikilotherm
This is very unlikely to be
13:36 donsizemore
if there's an edge case, UNC will find it ;)
13:36 poikilotherm
Well, this has never been supported... ;-)
13:36 poikilotherm
You can convert
13:36 poikilotherm
From Shib to local to Oauth
13:37 poikilotherm
IIRC you cannot directly convert shib to oauth, but pdurbin might know more
13:38 poikilotherm
The whole stuff I'm up to with having an IDM in front of this is about enabling these multi account logins ;-)
13:49 donsizemore joined #dataverse
14:47 pdurbin
poikilotherm: right, you have to convert from remote to builtin to remote. You can't convert straight from remote to remote.
14:56 donsizemore
but if the eppn is the same...
14:57 poikilotherm
The lookup of the user is not using the eppn
14:58 poikilotherm
Or not only eppn
14:59 poikilotherm
The id for Shib users is always "<shibIdp>|<eppn>"
15:00 donsizemore
oh oh useridentifier
15:00 poikilotherm
That's what's saved in the database
15:00 poikilotherm
So if you login via another provider like an OAuth2 one, you will need to have that provider send exactly this id in their access token
15:01 poikilotherm
As said before: unlikely to happen. Might work with custom provider.
15:07 pdurbin
For ORCID login we use the ORCID ID as the thing that never changes, the thing we put in the database.
15:11 poikilotherm
Yeah. http://github.com/poikilotherm/dataverse/blob/master/src/main/java/edu/harvard/iq/dataverse/authorization/providers/oauth2/impl/OrcidOAuth2AP.java#L96-L99
15:11 poikilotherm
I remember refactoring this :-D
15:13 poikilotherm
I tried to make this kind of hacking on the object easier, so this is totally possible for a custom provider
15:13 poikilotherm
It could choose not to use the provider id attribute from the access token but fiddle around with eppn and others to create the same ids as Shib does
15:14 poikilotherm
Depends on what CILogin provides as a response or at a user info endpoint
15:15 poikilotherm
pdurbin: we should do some architecture diagrams for this. someday.
15:15 poikilotherm
Maybe use C4 for that
15:16 poikilotherm
(no, not the explosives)
15:40 pdurbin
let's blow it up
15:41 pdurbin
donsizemore: when you have a moment, I just gave everybody a brain dump from your "state of Jenkins" email
15:41 poikilotherm
I'm writing an issue right now about refactoring OAuth2 for ORCID and TokenData ;-)
15:42 pdurbin
poikilotherm: cool, should we have an issue for JWT also?
15:43 poikilotherm
Maybe. JWT is strong with Microservices. Lets focus on OIDC support for now
15:43 pdurbin
Ok. I'm not sure if we have a real use case for JWT yet anyway. I don't remember anyone asking for JWT support.
15:44 pdurbin
poikilotherm: please don't forget to create an issue for me in your "I wish Phil would do for me" column.
15:54 poikilotherm
https://github.com/IQSS/dataverse/issues/6329
15:54 poikilotherm
On it, on it
15:54 poikilotherm
JWT might be interesting down the road for integrations
15:55 poikilotherm
pdurbin: do you and others at IQSS like the way I write issues? I tend to write long texts to make my point clear, but it might be too much...
15:59 pdurbin
poikilotherm: sure, your issues are fine. More screenshots, please. :)
16:00 poikilotherm
Ok. In that issue where do you wish there'd be a screenshot?
16:00 pdurbin
Oh, maybe not that issue. Lemme look again.
16:01 * poikilotherm
*thumbs up*
16:01 pdurbin
man, the whole "play with orcid auth" process *is* tedious, I couldn't agree more
16:02 poikilotherm
May I paraphrase it frankly?
16:04 pdurbin
careful, this channel is logged :)
16:05 pdurbin
juancorr: I think sekmiller is leaving you a comment on github
16:05 pdurbin
I can hear him typing madly anyway. :)
16:07 poikilotherm
Oh just FLOWERS FLOWERS FLOWERS FLOWERS everywhere.
16:07 pdurbin
:)
16:07 pdurbin
I'm still reading.
16:07 poikilotherm
I see. It's too long. Wall of text.
16:08 pdurbin
No, no, it's fine. I like the detail. But what's the bottom line? Is it possible to switch from the ORCID API that costs money to some sort of free API?
16:09 poikilotherm
Sure.
16:09 poikilotherm
Just use that Public API
16:09 pdurbin
Interesting. I wonder if the Public API has more features these days.
16:10 pdurbin
I don't remember ever seeing this comparison you found.
16:10 poikilotherm
http://members.orcid.org/api/about-public-api
16:11 poikilotherm
That first paragraph paraphrases it pretty much what you can do with it
16:12 pdurbin
Is it new? Or does it offer more than in the past?
16:12 poikilotherm
I have no idea what it has been offering in the past.
16:12 poikilotherm
Sorry
16:16 pdurbin
poikilotherm: no worries, have you seen https://github.com/IQSS/dataverse/issues/5689 ?
16:16 poikilotherm
Yes, I linked it in the issue
16:17 pdurbin
Will ORCID API 2.0 and 2.1 be supported indefinitely?
16:17 poikilotherm
Hmm I didn't mention it down the line...
16:17 poikilotherm
Most certainly not
16:17 poikilotherm
IIRC 2.0 is offline
16:17 pdurbin
Oh!
16:17 poikilotherm
Let me do a quick check
16:17 pdurbin
When will 2.1 go offline?
16:17 poikilotherm
It might be a number turned around
16:18 poikilotherm
Ah here we go https://groups.google.com/forum/#!msg/orcid-api-users/1y0O5ch16ww/OFvblCmtDAAJ
16:18 poikilotherm
RCs of 2.0
16:20 pdurbin
ok
16:23 pdurbin
andrewSC bjonnh donsizemore jri juancorr pmauduit: are any of you interested in testing https://github.com/IQSS/dataverse-installations/pull/25 ? (And leaving a code review.) It's docker-compose stuff. poikilotherm, I thing you have your hands up right now but you're welcome to jump in as well if you want. :)
16:45 pdurbin
poikilotherm: in a little bit I can give you another example of how I try to make code review easier.
16:49 poikilotherm
pdurbin: I just left a review for you https://github.com/IQSS/dataverse-installations/pull/25#pullrequestreview-310026137
16:50 poikilotherm
pdurbin: go ahead
16:50 pdurbin
for me? :)
16:50 poikilotherm
I'll be off in a couple of minutes
16:50 pdurbin
for tcoupin you mean :)
16:51 pdurbin
I'm not ready to push this branch quite yet. Soon. Go get your kids. Take them trick or treating. :)
16:51 poikilotherm
I'll head for construction site
16:52 poikilotherm
Mommy is taking care of 'em and will meet up with our American-German friends for trick-or-treating :-)
16:53 pdurbin
nice
17:08 poikilotherm
pdurbin: here you go : https://github.com/IQSS/dataverse/issues/6331
17:10 pdurbin
thanks, I think you may have linked to the wrong issue
17:11 pdurbin
"for moving on with issue #5947."
17:11 poikilotherm
Good catch! Fixed.
17:11 pdurbin
thanks
17:11 donsizemore
@pdurbin let me brush my teeth, and i'd love to hear how the brain dump poured
17:17 pdurbin
donsizemore: sure, I told them I'd forward the email to them but then I thought, "maybe I should reply instead and cc them all". But now that I'm typing this I'm also thinking that we *could* try to discuss on the dataverse-dev mailing list. I'm fine with whatever.
17:17 poikilotherm
I'd be interested, too
17:18 pdurbin
see?! :)
17:18 pdurbin
#SLOPI
17:18 donsizemore
i'm thinking i'm going to downgrade jenkins
17:19 pdurbin
donsizemore: the main thing I want to get across is that everyone who comes to tech hours every week (the developers plus Danny) are very interested in all this great work you're doing.
17:19 pdurbin
poikilotherm: and I probably should have mentioned that you've been helping. donsizemore says you slapped him around a bit. :)
17:21 poikilotherm
https://idioms.thefreedictionary.com/slap+around
17:21 poikilotherm
I can't remember such brute force...
17:21 pdurbin
in a good way
17:22 pdurbin
slap some sense into him
17:22 poikilotherm
Ok good to know that you can use the idiom that way
17:23 poikilotherm
Alright guys. I'm off now. My list has all checks on every point for today.
17:24 poikilotherm
Tomorrow is a holiday here. "Allerheiligen". Read you all on Monday :-)
17:25 poikilotherm
pdurbin: feel free to mention my in your example of a scoped PR
17:25 poikilotherm
I'm curios :-)
17:26 pdurbin
Yeah I might try to remember what I said and put it in that issue.
17:26 pdurbin
but right now I'm in penance for old search code I wrote
18:16 donsizemore
@pdurbin could any fork of IQSS/dataverse conceivably be named something besides "dataverse"?
18:16 donsizemore
@pdurbin if not, i can just hard-code what I need in the Jenkinsfile and we're good
18:49 pdurbin
donsizemore: GitHub does allow one to rename a fork. Sometimes they'll be repo called something like "website" and if I fork it I might change the name.
18:49 pdurbin
a* repo
18:55 pdurbin
donsizemore: but for dataverse I assume people won't rename it very often
19:13 juancorr93 joined #dataverse
19:16 juancorr93
Hi pdurbin, I am sorry, I had not time for Dataverse in these days.
19:16 pdurbin
juancorr93: no worries! We are working on an issue you reported.
19:20 juancorr93
I have seen your pull request merged, Its great. I will try the last File Preview code against last Dataverse code to check the http conection.
19:21 pdurbin
juancorr93: great, could you please leave a comment after https://github.com/IQSS/dataverse/issues/6296#issuecomment-548451108 ?
19:21 juancorr93
But I will do it next Monday. Tomorrow is a holiday day in Spain.
19:22 juancorr93
Yes I am doing it.
19:22 pdurbin
Perfect! Thank you!
19:27 donsizemore
@pdurbin what i'm thinking. we can either wait on them to implement change_fork_full, or hardcode change_fork + "dataverse" for the time being
19:28 donsizemore
@pdurbin it worked until... i need to track down RPM changelogs.
19:29 pdurbin
donsizemore: are you talking about some Jenkins bugs you linked to? I'm sorry, I haven't really dug into your email yet. How should we pull in the tech hours crew? Reply and cc them?
19:30 donsizemore
@pdurbin you should let me a) go home before all hallow's eve starts up in earnest here, b) set up another PR job and test what i want to do, then c) verify you're all cool with hard-coding "dataverse" as the repo name for now
19:31 pdurbin
donsizemore: go home, go home. I hope the rest can wait! I *am* working on a pull request right now. Hoping to get it in within the next hour.
19:42 donsizemore
we were up to 70,000 people one year. it's a good day to go home early. back later!
19:42 pdurbin
:)
20:28 pdurbin
Made my pull request! And there goes Jenkins! https://jenkins.dataverse.org/job/IQSS-Dataverse-Develop-PR/view/change-requests/job/PR-6333/
