Skip to content

Split Login and Register, enable OIDC Registration. #20287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 20 commits into
base: dev
Choose a base branch
from
Open

Split Login and Register, enable OIDC Registration. #20287

wants to merge 20 commits into from

Conversation

uwwint
Copy link
Contributor

@uwwint uwwint commented May 19, 2025

This change introduces the ability to configure OIDC registration endpoints. In order to achieve this functionality Login and Register need to be split. The new functionality will do the following:

  1. Add enduser registration endpoint to oidc_backends.xml

  2. Expose them in /api/configuration

  3. Add a galaxy configuration option to disable local accounts

  4. Change the frontend to:
    a. Split Login / Registration into two buttons
    Screenshot 2025-05-20 at 01 27 30

    b. In case only one OIDC provider is configured and local accounts are disabled, Login will redirect the user to the OIDC endpoint.
    In case local accounts are enabled the behavior of previous galaxy is retained.
    Screenshot 2025-05-20 at 01 27 39
    c) In case local accounts are disabled and one OIDC provider with end user registration endpoint exists register will redirect the user straight to the registration of the OIDC provider.
    In case no OIDC provider with end user registration is configured and local accounts are disabled, or local registration is disabled in galaxy.yml, registration is not shown on the UI (as per current behavior)
    If more than one OIDC provider with an endpoint are defined, or local accounts are enabled the Registration page will show all options.

Screenshot 2025-05-20 at 01 27 44

How to test the changes?

(Select all options that apply)

  • I've included appropriate automated tests.
  • This is a refactoring of components with existing test coverage.
  • Instructions for manual testing are as follows:
    In order to test oidc registration, or disabling local accounts manual testing is still required. The best way is to test the following:
    1. disable local accounts, and configure one OIDC provider -> Only Login is visible on the UI, clicking login will directly point the user to the OIDC login.
    2. Enable local accounts and configure one OIDC provider -> Behavior as today.
    3. Enable local accounts and configure one OIDC provider with end user registration endpoint -> Registration page shows button <Register with ...>
Screenshot 2025-05-20 at 01 27 44 3. Disable local accounts and configure one OIDC provider with end user registration endpoint -> Clicking registration will redirect the user to the end user registration point.

License

  • I agree to license these and all my past contributions to the core galaxy codebase under the MIT license.

uwwint added 16 commits May 20, 2025 01:37
@uwwint
Add Config opion disable_local_accounts
5bf8c81
@uwwint
Rename allow_user_creation to allow_local_account_creation
34718a7
@uwwint
add deprecation message for allow_user_creation on galaxy startup
bfff3a9
@uwwint
add logic to disable local account creation when local accounts are d…
3d1b917 
…isabled
@uwwint
Split Login and Registration. Add a new route /register/start duplica…
828aa4e 
…te the login page to not break test. This could be optimized further
@uwwint
If local account creation is disabled do not show username and passwo…
ec91604 
…rd fields and login buttons
@uwwint
rebuild-config
4487c19
@uwwint
add configuration option "end_user_registration_endpoint" to OIDC pro…
3d56ad6 
…vider and push it tothe frontend
@uwwint
refactor ExternalLogin into helper and template implementation. Needs…
579fda6 
… testing with Custos/CILogon
@uwwint
Login will now redirect in case there is only one OIDC provider and l…
915b3b5 
…ocal accounts is disabled.
@uwwint
If local accounts are disabled and there is only one OIDC registratio…
c5fa08c 
…n defined, push the user off to the configured registration.
@uwwint
Fix: if local accounts are enabled, the login page should be shown wh…
d255066 
…en clicking on login.
@uwwint
Fix: Registration page should be shown if local accounts are configured
695df7d
@uwwint
Fix: incorrect reference to config.disable_local_accouns leading to n…
fd576c2 
…o forwarding.
@uwwint
Seperate implementation of registration and login, fix all test cases…
aaacbfa 
…, refctor code
@uwwint
add test cases for registration
ffb8792
@uwwint uwwint force-pushed the change/login_register branch from 45dd95e to ffb8792 Compare May 19, 2025 15:48
@uwwint
Copy link
Contributor Author

uwwint commented May 19, 2025

@dannon

@github-actions github-actions bot added this to the 25.1 milestone May 19, 2025
@dannon dannon requested a review from ahmedhamidawan May 21, 2025 19:49
@ahmedhamidawan
Copy link
Member

Thanks for these changes @uwwint !!!
I've made some minor styling/refactoring/linting/import ordering etc fixes, used Galaxy base components ...

Will try out all the use cases you've added next!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahmedhamidawan ahmedhamidawan Awaiting requested review from ahmedhamidawan

Assignees
No one assigned
Labels
area/admin area/auth Authentication and authorization area/UI-UX kind/enhancement
Projects
None yet
Milestone
25.1
Development

Successfully merging this pull request may close these issues.
2 participants
@uwwint @ahmedhamidawan