Implement an OIDC-based backend for uc-cdis/fence

[VJalili]

Fence repo: https://github.com/uc-cdis/fence

TODOs:

• Fence does not support nonce (see Include nonce claim in the ID token uc-cdis/fence#600 )---a required claim by psa (and oidc specifications)---that results in AuthTokenError exception:

  social-core/social_core/backends/open_id_connect.py

  Lines 134 to 143 in 000f8e5

  	# Validate the nonce to ensure the request was not modified
  	nonce = id_token.get('nonce')
  	if not nonce:
  	raise AuthTokenError(self, 'Incorrect id_token: nonce')
  	nonce_obj = self.get_nonce(nonce)
  	if nonce_obj:
  	self.remove_nonce(nonce_obj.id)
  	else:
  	raise AuthTokenError(self, 'Incorrect id_token: nonce')

  Hence, either psa should make nonce optional (Allow nonce to be optional in OIDC Authorization workflow #315) or Fence implement it. IMHO, based on OIDC-specs (see the following quote), the latter is preferred.

  If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request.
  (Ref)

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.