DataBiosphere · rushtong · Sep 5, 2024 · Oct 18, 2024 · Oct 18, 2024 · Oct 24, 2024
@@ -0,0 +1,34 @@
+# eRA Commons Integration
+
+DUOS uses ECM as an intermediary to allow users to authenticate
+with NIH. ECM provides a redirect url that we point the user to.
+Once authenticated, the user is redirected back to ECM which saves
+the authentication information and then redirects the user back to 
+the originating URL. DUOS, historically, also saved this information
+locally in Consent. This allows Data Access Committees the ability to
+see if a researcher is an NIH user. 
+
+```mermaid
+%%{init: { 'theme': 'forest' } }%%
+sequenceDiagram
+    User ->> DUOS: clicks the eRA Commons button
+    DUOS ->> ECM: Get authorization url
+    Note over DUOS, ECM: GET /api/oauth/v1/{provider}/authorization-url
+    Note over DUOS, ECM: include a redirectTo parameter
+    ECM ->> DUOS: return auth url
+    DUOS ->> User: send user new url to follow
+    User ->> NIH: User is forwarded to NIH
+    NIH ->> NIH: User Auths
+    NIH ->> DUOS: Return with user state
+    Note over DUOS, NIH: get the oauth code
+    DUOS ->> ECM: Post oauthcode to ECM
+    Note over DUOS, ECM: POST /api/oauth/v1/{provider}/oauthcode
+    Note over DUOS, ECM: include state, code
+    ECM ->> DUOS: return oauth state
+    Note over ECM, DUOS: response includes redirectTo
+    DUOS ->> DUOS: Decode/validate ECM response url
+    DUOS ->> Consent: Save eRA Commons state to Consent for local purposes
+    DUOS ->> User: Redirect user to original redirectTo
+    User ->> DUOS: Original page is refreshed
+    DUOS ->> User: Updates user display
+```
@@ -6,6 +6,7 @@
   "ontologyApiUrl": "https://ontologyURL.org/",
   "terraUrl": "https://terraURL.org/",
   "tdrApiUrl": "https://tdrApiUrl.org/",
+  "ecmApiUrl": "https://ecmApiUrl.org",
   "errorApiKey": "example",
   "gaId": "",
   "profileUrl": "https://profile-dot-broad-shibboleth-prod.appspot.com/dev",

@@ -62,15 +62,38 @@ export default function ERACommons(props) {
       setExpirationCount(eraAuthState.expirationCount);
       setEraCommonsId(eraAuthState.eraCommonsId);
       onNihStatusUpdate(eraAuthState.nihValid);
+      // TODO Testing code to replace old functionality with:
+      try {
+        const ecmResponse = AuthenticateNIH.getECMeRACommonsStatus();
+        console.log(ecmResponse);
+      } catch (err) {
+        console.log(err);
+      }
     };
     initResearcherProfile();
   }, [researcherProfile, onNihStatusUpdate]);
 
   const redirectToNihLogin = async () => {
+    // TODO Testing code to replace old functionality with:
+    try {
+      const redirectURI = window.location.origin;
+      const authUrl = await AuthenticateNIH.getECMeRACommonsAuthUrl(redirectURI, destination);
+      console.log(authUrl);
+    } catch (err) {
+      console.log(err);
+    }
     const returnUrl = window.location.origin + '/' + destination + '?nih-username-token=<token>';
     window.location.href = `${ await Config.getNihUrl() }?${queryString.stringify({ 'return-url': returnUrl })}`;
   };
 
+  // eslint-disable-next-line no-unused-vars
+  const redirectToECMAuthUrl = async () => {
+    const redirectURI = window.location.origin;
+    const authUrl = await AuthenticateNIH.getECMeRACommonsAuthUrl(redirectURI, destination);
+    console.log(authUrl);
+    window.location.href = authUrl;
+  };
+
   const deleteNihAccount = async () => {
     const deleteResponse = await AuthenticateNIH.deleteAccountLinkage();
     if (deleteResponse) {

@@ -42,6 +42,10 @@ export const getOntologyUrl = async() => {
   return await Config.getOntologyApiUrl();
 };
 
+export const getECMUrl = async() => {
+  return await Config.getECMUrl();
+};
+
 export const sleep = (ms) => {
   return new Promise(resolve => setTimeout(resolve, ms));
 };

@@ -1,18 +1,71 @@
-import * as fp from 'lodash/fp';
 import { Config } from '../config';
-import { getApiUrl, fetchOk } from '../ajax';
+import {getApiUrl, fetchOk, getECMUrl, reportError} from '../ajax';
+import axios from 'axios';
+import {mergeAll, getOr, isNil} from 'lodash/fp';
 
 
+axios.interceptors.response.use(function (response) {
+  return response;
+}, function (error) {
+  // Default to a 502 when we can't get a real response object.
+  const status = getOr(502)('response.status')(error);
+  const reportUrl = getOr(null)('response.config.url')(error);
+  if (!isNil(reportUrl) && status >= 500) {
+    reportError(reportUrl, status);
+  }
+  return Promise.reject(error);
+});
+
 export const AuthenticateNIH = {
   saveNihUsr: async (decodedData) => {
     const url = `${await getApiUrl()}/api/nih`;
-    const res = await fetchOk(url, fp.mergeAll([Config.authOpts(), Config.jsonBody(decodedData), { method: 'POST' }]));
+    const res = await fetchOk(url, mergeAll([Config.authOpts(), Config.jsonBody(decodedData), { method: 'POST' }]));
     return await res.json();
   },
 
   deleteAccountLinkage: async () => {
     const url = `${await getApiUrl()}/api/nih`;
-    const res = await fetchOk(url, fp.mergeAll([Config.authOpts(), { method: 'DELETE' }]));
+    const res = await fetchOk(url, mergeAll([Config.authOpts(), { method: 'DELETE' }]));
     return await res;
   },
+
+  getECMeRACommonsStatus: async () => {
+    const url = `${await getECMUrl()}/api/oauth/v1/era-commons`;
+    const res = await axios.get(url, Config.authOpts());
+    if (res.status === 200) {
+      return res.data;
+    }
+    return undefined;
+  },
+
+  getECMeRACommonsAuthUrl: async (redirectUri, redirectTo) => {
+    const url = `${await getECMUrl()}/api/oauth/v1/era-commons/authorization-url`;
+    const parameterBlock = {
+      params: {
+        scopes: ['openid', 'email', 'profile'],
+        redirectUri: redirectUri,
+        redirectTo: redirectTo
+      },
+      paramsSerializer: {
+        indexes: null,
+      }
+    };
+    const config = Object.assign({}, Config.authOpts(), parameterBlock);
+    const res = await axios.get(url, config);
+    if (res.status === 200) {
+      return res.data;
+    }
+    return undefined;
+  },
+
+  postECMeRACommonsOauthcode: async (state, oauthcode) => {
+    const url = `${await getECMUrl()}/api/oauth/v1/era-commons/oauthcode`;
+    const data = {
+      state: state,
+      oauthcode: oauthcode
+    };
+    const res = await axios.post(url, data,  Config.authOpts());
+    return res.data;
+  }
+
 };
@@ -11,6 +11,8 @@ export const Config = {
 
   getOntologyApiUrl: async () => (await getConfig()).ontologyApiUrl,
 
+  getECMUrl: async () => (await getConfig()).ecmApiUrl,
+
   getTdrApiUrl: async () => (await getConfig()).tdrApiUrl,
 
   getTerraUrl: async () => (await getConfig()).terraUrl,