Support getting an auth token when logging in through OpenID Connect

[machristie]

There are several ways of generating a Django REST Framework auth token but they all either require a username and password or by using the admin or manage.py commands. There isn't, as far as I can tell, a self-service way for a user authenticating with OpenID Connect to get an auth token.

Implementing such a view should be seems pretty simple though. Essentially we need a view that requires SessionAuthentication and generates and returns a token.

The motivation for having such a view is to allow OpenID Connect users of CloudLaunch to be able to authenticate from the cloudlaunch-cli.

[afgane]

If I'm following along, I think this would also pave a path for authenticating with cloud providers without us needing to store or acquire credentials directly from the user but could instead request temporary creds from a cloud provider (e.g., AWS) based on the identity token from an authentication provider (e.g., Google).

[machristie]

@afgane this is not nearly so ambitious as that 😄

Let me try to explain it this way. If a user goes to https://beta.launch.usegalaxy.org/ today and logs in through GitHub, how would that user obtain a DRF auth token? The user doesn't have a password so the user can't go to https://beta.launch.usegalaxy.org/cloudlaunch/api/v1/auth/login/ to login and get an auth token. That's why I think, in this situation, we need a custom view that would generate an auth token for a user if the user is already logged in (SessionAuthentication).

[afgane]

This clarified the workflow/idea. Yes - sounds like we'll need that.