add new @login endpoint to return available external login options

[erral]

This PR adds a generic GET /@login endpoint that would expose links to additional login providers in a Plone site.

This way the endpoints added in packages like pas.plugins.authomatic and pas.plugins.oidc could be exchanged with adapter registrations and allow both products to be installed in the same Plone site for its use.

I am open to discuss whether the adapter needs to adapt just the IPloneSiteRoot object or perhaps may be a multiadapter including the request (perhaps to register the adapter for a given IThemeSpecific interface) or any other things.

[mister-roboto]

@erral thanks for creating this Pull Request and helping to improve Plone!

TL;DR: Finish pushing changes, pass all other checks, then paste a comment:

@jenkins-plone-org please run jobs

To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically.

Happy hacking!

[netlify]

✅ Deploy Preview for plone-restapi canceled.

Name	Link
🔨 Latest commit	f52a73d
🔍 Latest deploy log	https://app.netlify.com/sites/plone-restapi/deploys/65f4b29ed1a9c2000846c1d8

[erral]

@jenkins-plone-org please run jobs

[stevepiercy]

This needs tests and documentation, similar to other endpoints. https://6.docs.plone.org/plone.restapi/docs/source/endpoints/index.html

[erral]

This needs tests and documentation, similar to other endpoints. https://6.docs.plone.org/plone.restapi/docs/source/endpoints/index.html

Yes, I am preparing that.

[erral]

@jenkins-plone-org please run jobs

[stevepiercy]

I decided it would be faster, easier, and less frustrating to make the changes directly instead of a proper review. I hope that is OK.

[erral]

I decided it would be faster, easier, and less frustrating to make the changes directly instead of a proper review. I hope that is OK.

Thanks! ❤️

[erral]

I am investigating why the output for the documentation is empty.

[stevepiercy]

@erral what output? The preview looks good: https://deploy-preview-1757--plone-restapi.netlify.app/endpoints/login.html

[erral]

@stevepiercy the last output, this one:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "options": []
}

That should not be empty :/

[stevepiercy]

Question for @erral

[stevepiercy]

With my rename of the docs file, should this be changed as well?

Suggested change

	save_request_and_response_for_docs("external_authentication_links", response)
	save_request_and_response_for_docs("login", response)

[erral]

No, this is for the test-generated request and response file. I would leave this as it is, because we already have login.req file in the http-examples folder

[stevepiercy]

It's not an issue with the docs, because the docs only pull from this file:

https://github.com/plone/plone.restapi/blob/erral-login-options/src/plone/restapi/tests/http-examples/external_authentication_links.resp

Can you show what the content of that file should be?

[davisagli]

I like this idea in general.

Things I'm wondering:

• What about a site that wants to let the user choose between login from external providers and Plone's standard login?
• What if the integrator wants more control over the order of different login options?

So I'm thinking that maybe there should be a registry setting with a list of login providers to show, and this endpoint could use the info from the registry setting plus the details from the IExternalLoginProviders adapters. But -- this can probably be added later, so I'm not necessarily asking you to do it as a condition for adding this endpoint.

[davisagli]

Maybe this should be defined in plone.base instead of plone.restapi, so that an addon doesn't need to depend on plone.restapi just to register this adapter and provide information about what providers it supports?

On the other hand, that would make it harder to backport support for this feature to older versions of Plone.

I don't feel strongly about it but in general, plone.restapi's purpose is to provide API access to features that exist at a lower level and might also be accessed via other interfaces.

[erral]

the whole idea of the endpoint is to avoid duplicated @login endpoints such the ones we have in pas.plugins.authomatic and pas.plugins.oidc to support volto-authomatic

I agree that perhaps this should go in plone.base somewhere and integrate it with Plone's standard login page.

Perhaps we can open an issue in Plone and work on that later on?

[erral]

It's not an issue with the docs, because the docs only pull from this file:

https://github.com/plone/plone.restapi/blob/erral-login-options/src/plone/restapi/tests/http-examples/external_authentication_links.resp

Can you show what the content of that file should be?

I have already fixed this. There was a bug in my code 😈

[erral]

@jenkins-plone-org please run jobs

[stevepiercy]

Preview of docs with update look good: https://deploy-preview-1757--plone-restapi.netlify.app/endpoints/login.html

[erral]

@jenkins-plone-org please run jobs

[erral]

@jenkins-plone-org please run jobs

[erral]

@jenkins-plone-org please run jobs