5 files changed, 21 insertions, 72 deletions

diff --git a/python/Pipfile b/python/Pipfile
index 63336f5f..42d0b7ad 100644
--- a/python/Pipfile
+++ b/python/Pipfile
@@ -29,7 +29,7 @@ flask-wtf = "*"
 Flask-Misaka = "*"
 flask-mwoauth = "*"
 WTForms = "*"
-loginpass = "*"
+loginpass = { git = 'https://github.com/authlib/loginpass.git', ref = 'ed9e527502bd19be6793f88ed71ca0e1764e9034' }
 requests = ">=2"
 raven = { extras = ['flask'], version = "*" }
 pykafka = ">=2"
diff --git a/python/Pipfile.lock b/python/Pipfile.lock
index 3193224c..0d73417d 100644
--- a/python/Pipfile.lock
+++ b/python/Pipfile.lock
@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "3f8b12cae190b6af84c19c09cb1ff77c3a00ef78e65cb14ebccf66d821a35cac"
+            "sha256": "e6ac8d0bd63b3819a170bde676a9f6a00933af9ac7cd45c75b809f14776e2652"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -16,20 +16,6 @@
         ]
     },
     "default": {
-        "asn1crypto": {
-            "hashes": [
-                "sha256:2f1adbb7546ed199e3c90ef23ec95c5cf3585bac7d11fb7eb562a3fe89c64e87",
-                "sha256:9d5c20441baf0cb60a4ac34cc447c6c189024b6b4c6cd7877034f4965c464e49"
-            ],
-            "version": "==0.24.0"
-        },
-        "authlib": {
-            "hashes": [
-                "sha256:3a226f231e962a16dd5f6fcf0c113235805ba206e294717a64fa8e04ae3ad9c4",
-                "sha256:9741db6de2950a0a5cefbdb72ec7ab12f7e9fd530ff47219f1530e79183cbaaf"
-            ],
-            "version": "==0.11"
-        },
         "beautifulsoup4": {
             "hashes": [
                 "sha256:034740f6cb549b4e932ae1ab975581e6103ac8f942200a0e9759065984391858",
@@ -121,30 +107,6 @@
             ],
             "version": "==7.0"
         },
-        "cryptography": {
-            "hashes": [
-                "sha256:066f815f1fe46020877c5983a7e747ae140f517f1b09030ec098503575265ce1",
-                "sha256:210210d9df0afba9e000636e97810117dc55b7157c903a55716bb73e3ae07705",
-                "sha256:26c821cbeb683facb966045e2064303029d572a87ee69ca5a1bf54bf55f93ca6",
-                "sha256:2afb83308dc5c5255149ff7d3fb9964f7c9ee3d59b603ec18ccf5b0a8852e2b1",
-                "sha256:2db34e5c45988f36f7a08a7ab2b69638994a8923853dec2d4af121f689c66dc8",
-                "sha256:409c4653e0f719fa78febcb71ac417076ae5e20160aec7270c91d009837b9151",
-                "sha256:45a4f4cf4f4e6a55c8128f8b76b4c057027b27d4c67e3fe157fa02f27e37830d",
-                "sha256:48eab46ef38faf1031e58dfcc9c3e71756a1108f4c9c966150b605d4a1a7f659",
-                "sha256:6b9e0ae298ab20d371fc26e2129fd683cfc0cfde4d157c6341722de645146537",
-                "sha256:6c4778afe50f413707f604828c1ad1ff81fadf6c110cb669579dea7e2e98a75e",
-                "sha256:8c33fb99025d353c9520141f8bc989c2134a1f76bac6369cea060812f5b5c2bb",
-                "sha256:9873a1760a274b620a135054b756f9f218fa61ca030e42df31b409f0fb738b6c",
-                "sha256:9b069768c627f3f5623b1cbd3248c5e7e92aec62f4c98827059eed7053138cc9",
-                "sha256:9e4ce27a507e4886efbd3c32d120db5089b906979a4debf1d5939ec01b9dd6c5",
-                "sha256:acb424eaca214cb08735f1a744eceb97d014de6530c1ea23beb86d9c6f13c2ad",
-                "sha256:c8181c7d77388fe26ab8418bb088b1a1ef5fde058c6926790c8a0a3d94075a4a",
-                "sha256:d4afbb0840f489b60f5a580a41a1b9c3622e08ecb5eec8614d4fb4cd914c4460",
-                "sha256:d9ed28030797c00f4bc43c86bf819266c76a5ea61d006cd4078a93ebf7da6bfd",
-                "sha256:e603aa7bb52e4e8ed4119a58a03b60323918467ef209e6ff9db3ac382e5cf2c6"
-            ],
-            "version": "==2.6.1"
-        },
         "fatcat-client": {
             "editable": true,
             "path": "./../python_client"
@@ -174,7 +136,6 @@
         },
         "flask-misaka": {
             "hashes": [
-                "sha256:bcfdacc0803ccea75d377737e82c83489b2153d922c9d9f9eabc5148d216ed70",
                 "sha256:d0cfb0efd9e5afacda76defd4a605a68390f4fb1bef283c71534fd3ce0d3efb5",
                 "sha256:f423c3beb5502742a57330a272f81d53223f6f99d45cc45b03926e3a3034f589"
             ],
@@ -246,12 +207,8 @@
             "version": "==2.5.0"
         },
         "loginpass": {
-            "hashes": [
-                "sha256:0d87aa651ae6ff25194f4f7d8b85fdd780d356783f893b8921fe2ba5112aaf93",
-                "sha256:970e1debbd88c75cc5df693656fd86620817366108214f53d3af8edee09db428"
-            ],
-            "index": "pypi",
-            "version": "==0.2.1"
+            "git": "https://github.com/authlib/loginpass.git",
+            "ref": "ed9e527502bd19be6793f88ed71ca0e1764e9034"
         },
         "lxml": {
             "hashes": [
@@ -352,7 +309,6 @@
         },
         "pykafka": {
             "hashes": [
-                "sha256:6b075909a52cb0c95325bc16ab797bbcdbb37386652ea460705ed4472ce91459",
                 "sha256:f0bbd394ae6970042a587c99fe4dc0966e67787249d963d4ce2f810dc9490577"
             ],
             "index": "pypi",
@@ -423,6 +379,9 @@
             "version": "==0.5.4"
         },
         "raven": {
+            "extras": [
+                "flask"
+            ],
             "hashes": [
                 "sha256:3fa6de6efa2493a7c827472e984ce9b020797d0da16f1db67197bcc23c8fae54",
                 "sha256:44a13f87670836e153951af9a3c80405d36b43097db869a36e92809673692ce4"
@@ -441,8 +400,7 @@
         "requests-oauthlib": {
             "hashes": [
                 "sha256:bd6533330e8748e94bf0b214775fed487d309b8b8fe823dc45641ebcd9a32f57",
-                "sha256:d3ed0c8f2e3bbc6b344fa63d6f933745ab394469da38db16bdddb461c7e25140",
-                "sha256:dd5a0499abfefd087c6dd96693cbd5bfd28aa009719a7f85ab3fabe3956ef19a"
+                "sha256:d3ed0c8f2e3bbc6b344fa63d6f933745ab394469da38db16bdddb461c7e25140"
             ],
             "version": "==1.2.0"
         },
@@ -549,42 +507,32 @@
         },
         "coverage": {
             "hashes": [
-                "sha256:0c5fe441b9cfdab64719f24e9684502a59432df7570521563d7b1aff27ac755f",
-                "sha256:2b412abc4c7d6e019ce7c27cbc229783035eef6d5401695dccba80f481be4eb3",
                 "sha256:3684fabf6b87a369017756b551cef29e505cb155ddb892a7a29277b978da88b9",
                 "sha256:39e088da9b284f1bd17c750ac672103779f7954ce6125fd4382134ac8d152d74",
                 "sha256:3c205bc11cc4fcc57b761c2da73b9b72a59f8d5ca89979afb0c1c6f9e53c7390",
-                "sha256:42692db854d13c6c5e9541b6ffe0fe921fe16c9c446358d642ccae1462582d3b",
                 "sha256:465ce53a8c0f3a7950dfb836438442f833cf6663d407f37d8c52fe7b6e56d7e8",
                 "sha256:48020e343fc40f72a442c8a1334284620f81295256a6b6ca6d8aa1350c763bbe",
-                "sha256:4ec30ade438d1711562f3786bea33a9da6107414aed60a5daa974d50a8c2c351",
                 "sha256:5296fc86ab612ec12394565c500b412a43b328b3907c0d14358950d06fd83baf",
                 "sha256:5f61bed2f7d9b6a9ab935150a6b23d7f84b8055524e7be7715b6513f3328138e",
-                "sha256:6899797ac384b239ce1926f3cb86ffc19996f6fa3a1efbb23cb49e0c12d8c18c",
                 "sha256:68a43a9f9f83693ce0414d17e019daee7ab3f7113a70c79a3dd4c2f704e4d741",
                 "sha256:6b8033d47fe22506856fe450470ccb1d8ba1ffb8463494a15cfc96392a288c09",
                 "sha256:7ad7536066b28863e5835e8cfeaa794b7fe352d99a8cded9f43d1161be8e9fbd",
                 "sha256:7bacb89ccf4bedb30b277e96e4cc68cd1369ca6841bde7b005191b54d3dd1034",
                 "sha256:839dc7c36501254e14331bcb98b27002aa415e4af7ea039d9009409b9d2d5420",
-                "sha256:8e679d1bde5e2de4a909efb071f14b472a678b788904440779d2c449c0355b27",
                 "sha256:8f9a95b66969cdea53ec992ecea5406c5bd99c9221f539bca1e8406b200ae98c",
                 "sha256:932c03d2d565f75961ba1d3cec41ddde00e162c5b46d03f7423edcb807734eab",
-                "sha256:93f965415cc51604f571e491f280cff0f5be35895b4eb5e55b47ae90c02a497b",
                 "sha256:988529edadc49039d205e0aa6ce049c5ccda4acb2d6c3c5c550c17e8c02c05ba",
                 "sha256:998d7e73548fe395eeb294495a04d38942edb66d1fa61eb70418871bc621227e",
                 "sha256:9de60893fb447d1e797f6bf08fdf0dbcda0c1e34c1b06c92bd3a363c0ea8c609",
                 "sha256:9e80d45d0c7fcee54e22771db7f1b0b126fb4a6c0a2e5afa72f66827207ff2f2",
                 "sha256:a545a3dfe5082dc8e8c3eb7f8a2cf4f2870902ff1860bd99b6198cfd1f9d1f49",
                 "sha256:a5d8f29e5ec661143621a8f4de51adfb300d7a476224156a39a392254f70687b",
-                "sha256:a9abc8c480e103dc05d9b332c6cc9fb1586330356fc14f1aa9c0ca5745097d19",
                 "sha256:aca06bfba4759bbdb09bf52ebb15ae20268ee1f6747417837926fae990ebc41d",
                 "sha256:bb23b7a6fd666e551a3094ab896a57809e010059540ad20acbeec03a154224ce",
                 "sha256:bfd1d0ae7e292105f29d7deaa9d8f2916ed8553ab9d5f39ec65bcf5deadff3f9",
-                "sha256:c22ab9f96cbaff05c6a84e20ec856383d27eae09e511d3e6ac4479489195861d",
                 "sha256:c62ca0a38958f541a73cf86acdab020c2091631c137bd359c4f5bddde7b75fd4",
                 "sha256:c709d8bda72cf4cd348ccec2a4881f2c5848fd72903c185f363d361b2737f773",
                 "sha256:c968a6aa7e0b56ecbd28531ddf439c2ec103610d3e2bf3b75b813304f8cb7723",
-                "sha256:ca58eba39c68010d7e87a823f22a081b5290e3e3c64714aac3c91481d8b34d22",
                 "sha256:df785d8cb80539d0b55fd47183264b7002077859028dfe3070cf6359bf8b2d9c",
                 "sha256:f406628ca51e0ae90ae76ea8398677a921b36f0bd71aab2099dfed08abd0322f",
                 "sha256:f46087bbd95ebae244a0eda01a618aff11ec7a069b15a3ef8f6b520db523dcf1",
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py
index 6e285ddb..ba789609 100644
--- a/python/fatcat_web/__init__.py
+++ b/python/fatcat_web/__init__.py
@@ -8,7 +8,7 @@ from flask_wtf.csrf import CSRFProtect
 from flask_misaka import Misaka
 from flask_mwoauth import MWOAuth
 from authlib.flask.client import OAuth
-from loginpass import create_flask_blueprint, Gitlab, GitHub
+from loginpass import create_flask_blueprint, Gitlab, GitHub, ORCiD
 from raven.contrib.flask import Sentry
 import fatcat_client
 
@@ -74,9 +74,9 @@ app.register_blueprint(mwoauth.bp, url_prefix='/auth/wikipedia')
 from fatcat_web import routes, editing_routes, auth, cors, forms
 
 # TODO: blocking on ORCID support in loginpass
-#if Config.ORCID_CLIENT_ID:
-#    orcid_bp = create_flask_blueprint(ORCID, oauth, auth.handle_oauth)
-#    app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
+if Config.ORCID_CLIENT_ID:
+    orcid_bp = create_flask_blueprint(ORCiD, oauth, auth.handle_oauth)
+    app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
 
 if Config.GITLAB_CLIENT_ID:
     gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth)
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 44a03f5f..06c8475b 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -54,10 +54,15 @@ def handle_oauth(remote, token, user_info):
         # not sure all loginpass backends will set it
         if user_info.get('preferred_username'):
             preferred_username = user_info['preferred_username']
+        elif 'orcid.org' in iss:
+            # as a special case, prefix ORCiD identifier so it can be used as a
+            # username. If we instead used the human name, we could have
+            # collisions. Not a great user experience either way.
+            preferred_username = 'i' + user_info['sub'].replace('-', '')
         else:
             preferred_username = user_info['sub']
 
-        params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, user_info['preferred_username'])
+        params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, preferred_username)
         # this call requires admin privs
         (resp, http_status, http_headers) = priv_api.auth_oidc_with_http_info(params)
         editor = resp.editor
diff --git a/python/fatcat_web/templates/auth_login.html b/python/fatcat_web/templates/auth_login.html
index 6e9b1f15..85e33d79 100644
--- a/python/fatcat_web/templates/auth_login.html
+++ b/python/fatcat_web/templates/auth_login.html
@@ -37,21 +37,17 @@ Note that currently editor accounts are locked 1-to-1 with external identities.
 </div>
 {% endif %}
 
-{# not implemented in login pass yet #}
 {% if config.ORCID_CLIENT_ID %}
-{# <a href="/auth/orcid/login"> #}
+<a href="/auth/orcid/login">
 <div class="ui segment attached">
   <h2 class="ui header">
-    {# <img src="/static/orcid_icon.png" style="width: 1.5em;"> #}
-    <i class="grey times circle icon"></i>
+    <img src="/static/orcid_icon.png" style="width: 1.5em;">
     <div class="content">
       ORCiD
-      {# <div class="sub header">via OpenID Connect</div> #}
-      <div class="sub header">not implemented yet</div>
+      <div class="sub header">via OpenID Connect</div>
     </div>
   </h2>
 </div>
-{# </a> #}
 {% endif %}
 
 {% if config.WIKIPEDIA_CLIENT_ID %}