Use app_key

[J4bbi]

Documentation around setting up SSO is limited. In addition to the docs themselves, it is largely found in config.py .

I assume the starting point for writing the current SSO integration config was taken here from config.py. The current approach passes consumer_key and consumer_secret directly to Flask-OAuthLib whereas Invenio prefers to use lazy loading via config app_key .

The invenio-oauthclient module makes one reference to the app_key in configuration for remote apps in a wrapper around the disconnect_handler. This only comes into play when a user tries to disconnect a remote app (an SSO service) from his account. As local logins won't be enabled, this situation can't arise as long as Imperial SSO is the only configured SSO service and as long as a user isn't created before an SSO login occurs.

I've put in a PR for the invenio-oauthclient here.

Developer Checklist

Developers should review and confirm each of these items before requesting review

• Code meets acceptance criteria from issue
• Unit tests are written and all pass
• User Test Scripts (if required) are written and have been run through
• Code documentation and related non-code documentation has all been updated

Reviewer Checklist

Reviewers should review and confirm each of these items before approval
If there are multiple reviewers, this section can be duplicated for each reviewer

• Code meets acceptance criteria from issue
• Unit tests are written and all pass
• User Test Scripts (if required) are written and have been run through
• Code documentation and related non-code documentation has all been updated
• Migation has been created and tested

Testing

List user test scripts that need to be run

List any non-unit test scripts that need to be run

[cc-a]

Thanks @J4bbi. Good catch.