orcid: addition of dj-rest-auth

backoffice/backoffice/users/api/views.py

@@ -1,3 +1,6 @@
+from allauth.socialaccount.providers.oauth2.client import OAuth2Client
+from allauth.socialaccount.providers.orcid.views import OrcidOAuth2Adapter
+from dj_rest_auth.registration.views import SocialConnectView, SocialLoginView
 from django.contrib.auth import get_user_model
 from rest_framework import status
 from rest_framework.decorators import action
@@ -23,3 +26,12 @@ def get_queryset(self, *args, **kwargs):
     def me(self, request):
         serializer = UserSerializer(request.user, context={"request": request})
         return Response(status=status.HTTP_200_OK, data=serializer.data)
+
+
+class OrcidLogin(SocialLoginView):
+    adapter_class = OrcidOAuth2Adapter
+    client_class = OAuth2Client
+
+
+class OrcidConnect(SocialConnectView):
+    adapter_class = OrcidOAuth2Adapter

backoffice/config/settings/base.py

@@ -95,19 +95,29 @@
     "allauth",
     "allauth.account",
     "allauth.socialaccount",
+    "allauth.headless",
+    "allauth.socialaccount.providers.orcid",
     "django_celery_beat",
     "rest_framework",
     "rest_framework.authtoken",
     "corsheaders",
     "drf_spectacular",
-    "allauth.socialaccount.providers.orcid",
     "django_prometheus",
     "django_opensearch_dsl",
     "django_elasticsearch_dsl_drf",
     "rest_framework_simplejwt",
     "django_json_widget",
+    "dj_rest_auth",
+    "dj_rest_auth.registration",
 ]
 
+REST_AUTH = {
+    "SESSION_LOGIN": True,
+    "USE_JWT": True,
+    "JWT_AUTH_COOKIE": "auth",
+    "JWT_AUTH_HTTPONLY": False,
+}
+
 LOCAL_APPS = ["backoffice.users", "backoffice.workflows", "backoffice.management"]
 # https://docs.djangoproject.com/en/dev/ref/settings/#installed-apps
 INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS
@@ -127,7 +137,7 @@
 # https://docs.djangoproject.com/en/dev/ref/settings/#auth-user-model
 AUTH_USER_MODEL = "users.User"
 # https://docs.djangoproject.com/en/dev/ref/settings/#login-redirect-url
-LOGIN_REDIRECT_URL = "users:redirect"
+LOGIN_REDIRECT_URL = "/accounts/login/success"
 # https://docs.djangoproject.com/en/dev/ref/settings/#login-url
 LOGIN_URL = "account_login"
 
@@ -349,6 +359,7 @@
         "rest_framework.authentication.SessionAuthentication",
         "rest_framework.authentication.TokenAuthentication",
         "rest_framework_simplejwt.authentication.JWTAuthentication",
+        "dj_rest_auth.jwt_auth.JWTCookieAuthentication",
     ),
     "DEFAULT_PERMISSION_CLASSES": (
         "backoffice.management.permissions.IsAdminOrCuratorUser",
@@ -378,10 +389,11 @@
         "APP": {
             "client_id": env("ORCID_CLIENT_ID", default=""),
             "secret": env("ORCID_CLIENT_SECRET", default=""),
-            "key": "",
-        }
+        },
     }
 }
+SOCIALACCOUNT_EMAIL_VERIFICATION = False
+ACCOUNT_EMAIL_VERIFICATION = False
 
 
 # Opensearch

backoffice/config/urls.py

@@ -1,3 +1,4 @@
+from allauth.socialaccount.providers.orcid.views import oauth2_callback
 from django.conf import settings
 from django.conf.urls.static import static
 from django.contrib import admin
@@ -9,6 +10,8 @@
 from rest_framework.authtoken.views import obtain_auth_token
 from rest_framework_simplejwt.views import TokenObtainPairView, TokenRefreshView
 
+from backoffice.users.api.views import OrcidConnect, OrcidLogin
+
 urlpatterns = [
     path("", TemplateView.as_view(template_name="pages/home.html"), name="home"),
     path(
@@ -25,9 +28,11 @@
     # Static file serving when using Gunicorn + Uvicorn for local web socket development
     urlpatterns += staticfiles_urlpatterns()
 
+
 # API URLS
 urlpatterns += [
     # API base url
+    path("api/oauth/authorized/orcid/", oauth2_callback, name="orcid_callback"),
     path("api/", include("config.search_router")),
     path("api/", include("config.api_router")),
     # DRF auth token
@@ -40,6 +45,11 @@
     ),
     path("api/token/", TokenObtainPairView.as_view(), name="token_obtain_pair"),
     path("api/token/refresh/", TokenRefreshView.as_view(), name="token_refresh"),
+    path("_allauth/", include("allauth.headless.urls")),
+    path("dj-rest-auth/", include("dj_rest_auth.urls")),
+    path("dj-rest-auth/registration/", include("dj_rest_auth.registration.urls")),
+    path("dj-rest-auth/orcid/", OrcidLogin.as_view(), name="orcid_login"),
+    path("dj-rest-auth/orcid/connect/", OrcidConnect.as_view(), name="orcid_connect"),
 ]
 
 

backoffice/pyproject.toml

@@ -124,7 +124,7 @@ uvicorn = {version = "0.23.2", extras = ["standard"]}
 django = "4.2.6"
 django-environ = "0.11.2"
 django-model-utils = "4.3.1"
-django-allauth = "0.57.0"
+django-allauth = {extras = ["headless"], version = "^64.2.1"}
 django-crispy-forms = "2.1"
 crispy-bootstrap5 = "0.7"
 django-redis = "5.4.0"
@@ -150,6 +150,7 @@ opensearch-py = "2.6.0"
 djangorestframework-simplejwt = "^5.3.1"
 django-json-widget = "^2.0.1"
 sentry-sdk = "1.19.1"
+dj-rest-auth = "^6.0.0"
 
 [tool.poetry.dev-dependencies]
 factory-boy = "3.3.0"

ruff.toml

@@ -1,5 +1,5 @@
 target-version = "py311"
-ignore = ["PT009"]
+lint.ignore = ["PT009"]
 
 [lint.flake8-tidy-imports]
 ban-relative-imports = "all"