From 3e1b54b02c5fc3f77613d3136f4692c41e7782cf Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Wed, 4 Oct 2023 12:55:58 +0100
Subject: [PATCH 1/3] Add Check-in as OIDC authentication option
---
 lib/galaxy/authnz/managers.py | 3 +++
 lib/galaxy/authnz/psa_authnz.py | 2 ++
 .../config/sample/oidc_backends_config.xml.sample | 14 ++++++++++++++
 3 files changed, 19 insertions(+)
diff --git a/lib/galaxy/authnz/managers.py b/lib/galaxy/authnz/managers.py
index 07ac51f4f809..a74d71456c39 100644
--- a/lib/galaxy/authnz/managers.py
+++ b/lib/galaxy/authnz/managers.py
@@ -165,6 +165,9 @@ def _parse_idp_config(self, config_xml):
 rtv["tenant_id"] = config_xml.find("tenant_id").text
 if config_xml.find("pkce_support") is not None:
 rtv["pkce_support"] = asbool(config_xml.find("pkce_support").text)
+ # this is a EGI Check-in specific config
+ if config_xml.find("checkin_env") is not None:
+ rtv["checkin_env"] = config_xml.find("checkin_env").text
 return rtv
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
index 0dc084727980..501604da2f27 100644
--- a/lib/galaxy/authnz/psa_authnz.py
+++ b/lib/galaxy/authnz/psa_authnz.py
@@ -42,6 +42,7 @@
 "elixir": "social_core.backends.elixir.ElixirOpenIdConnect",
 "okta": "social_core.backends.okta_openidconnect.OktaOpenIdConnect",
 "azure": "social_core.backends.azuread_tenant.AzureADV2TenantOAuth2",
+ "checkin": "social_core.backends.checkin.CheckinOpenIdConnect",
 }
 BACKENDS_NAME = {
@@ -50,6 +51,7 @@
 "elixir": "elixir",
 "okta": "okta-openidconnect",
 "azure": "azuread-v2-tenant-oauth2",
+ "checkin": "checkin",
 }
 AUTH_PIPELINE = (
diff --git a/lib/galaxy/config/sample/oidc_backends_config.xml.sample b/lib/galaxy/config/sample/oidc_backends_config.xml.sample
index 1c07a7d3e116..1ae67d9a6e9c 100644
--- a/lib/galaxy/config/sample/oidc_backends_config.xml.sample
+++ b/lib/galaxy/config/sample/oidc_backends_config.xml.sample
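Review bot: In the `_parse_idp_config` hunk of lib/galaxy/authnz/managers.py, `checkin_env` is copied into `rtv` verbatim, so an empty element stores `None` and a mistyped or whitespace-padded value is accepted without complaint. Because this setting presumably selects which Check-in environment the OIDC client treats as its identity provider, it is worth normalising it at parse time, e.g. `rtv["checkin_env"] = (config_xml.find("checkin_env").text or "").strip()`, and rejecting values the backend does not recognise. No hunk in this series reads `checkin_env` in psa_authnz.py, so please confirm it actually reaches the backend's settings; otherwise an operator who configures a non-default environment would silently authenticate against the default one. The body of `_parse_idp_config` starts above the hunk, so earlier handling is not visible here.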
@@ -197,4 +197,18 @@ Please mind `http` and `https`. ... + + + + ... + ... + http://localhost:8080/authnz/checkin/callback + https://im.egi.eu/im-dashboard/static/images/egicheckin.png + consent + + + + +
From 9715b8448a24265d04d42d13261d16772a985ca3 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Tue, 17 Oct 2023 10:22:49 +0100
Subject: [PATCH 2/3] Use a less generic name
---
 lib/galaxy/authnz/psa_authnz.py | 4 ++--
 lib/galaxy/config/sample/oidc_backends_config.xml.sample | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
index 501604da2f27..acfef6ccbeb1 100644
--- a/lib/galaxy/authnz/psa_authnz.py
+++ b/lib/galaxy/authnz/psa_authnz.py
@@ -42,7 +42,7 @@
 "elixir": "social_core.backends.elixir.ElixirOpenIdConnect",
 "okta": "social_core.backends.okta_openidconnect.OktaOpenIdConnect",
 "azure": "social_core.backends.azuread_tenant.AzureADV2TenantOAuth2",
- "checkin": "social_core.backends.checkin.CheckinOpenIdConnect",
+ "egi_checkin": "social_core.backends.checkin.EGICheckinOpenIdConnect",
 }
 BACKENDS_NAME = {
@@ -51,7 +51,7 @@
 "elixir": "elixir",
 "okta": "okta-openidconnect",
 "azure": "azuread-v2-tenant-oauth2",
- "checkin": "checkin",
+ "egi_checkin": "egi-checkin",
 }
 AUTH_PIPELINE = (
diff --git a/lib/galaxy/config/sample/oidc_backends_config.xml.sample b/lib/galaxy/config/sample/oidc_backends_config.xml.sample
index 1ae67d9a6e9c..5b2c558e75b6 100644
--- a/lib/galaxy/config/sample/oidc_backends_config.xml.sample
+++ b/lib/galaxy/config/sample/oidc_backends_config.xml.sample
@@ -198,8 +198,8 @@ Please mind `http` and `https`. - - ... ...
From 2eb4cc143a716ba56977bbd6bf42f6d08b201be5 Mon Sep 17 00:00:00 2001
From: Enol Fernandez
Date: Wed, 18 Oct 2023 10:06:38 +0100
Subject: [PATCH 3/3] Fix module name
---
 lib/galaxy/authnz/psa_authnz.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/galaxy/authnz/psa_authnz.py b/lib/galaxy/authnz/psa_authnz.py
index acfef6ccbeb1..a1193f02868c 100644
--- a/lib/galaxy/authnz/psa_authnz.py
+++ b/lib/galaxy/authnz/psa_authnz.py
@@ -42,7 +42,7 @@
 "elixir": "social_core.backends.elixir.ElixirOpenIdConnect",
 "okta": "social_core.backends.okta_openidconnect.OktaOpenIdConnect",
 "azure": "social_core.backends.azuread_tenant.AzureADV2TenantOAuth2",
- "egi_checkin": "social_core.backends.checkin.EGICheckinOpenIdConnect",
+ "egi_checkin": "social_core.backends.egi_checkin.EGICheckinOpenIdConnect",
 }
 BACKENDS_NAME = {
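Review bot: The corrected `"egi_checkin"` path in `BACKENDS` lands without any check that it resolves, and the values are plain dotted strings that appear to be imported only when the backend is used. A wrong path, or an installed social-core that lacks `social_core.backends.egi_checkin`, would therefore show up as a failed login rather than at start-up or in CI, which is how the two earlier spellings in this series got through. A small unit test that imports every value in `BACKENDS` and asserts each key also exists in `BACKENDS_NAME` would catch this class of mistake. Whether the project's minimum social-core version is raised to one that ships this backend is not visible in this series and should be confirmed. The `BACKENDS` dict opens above the hunk.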