CLAM's project entry short method allows passing GET parameter project=new to create a new project and automatically download a resource from a remote URL. The CLARIN switchboard uses this.
However, the login hand-off to an external identity provider gets in the way if the user is not logged-in already. Upon redirect back to the service, the parameters that were passed on the first try (with project=new and the resource URL) are lost. We need a way to persist the parameters so they are picked up again after login redirect. A cookie is the most obvious solution here as CLAM does no server-side session management.
@dietervu I'm still not sure why we only run into this issue now. You thought it used to work before, but I can't imagine it did in the current setup, as there have not really been any significant changes in the CLAM code here in the past few years. It may have only worked because you were already logged in. Also, things might have worked some years back when we were still using our own HTTP Basic Authorization method rather than OAuth2, because the browser knows to resubmit the parameters when it gets a 401.
CLAM's project entry short method allows passing GET parameter
project=newto create a new project and automatically download a resource from a remote URL. The CLARIN switchboard uses this.However, the login hand-off to an external identity provider gets in the way if the user is not logged-in already. Upon redirect back to the service, the parameters that were passed on the first try (with project=new and the resource URL) are lost. We need a way to persist the parameters so they are picked up again after login redirect. A cookie is the most obvious solution here as CLAM does no server-side session management.
@dietervu I'm still not sure why we only run into this issue now. You thought it used to work before, but I can't imagine it did in the current setup, as there have not really been any significant changes in the CLAM code here in the past few years. It may have only worked because you were already logged in. Also, things might have worked some years back when we were still using our own HTTP Basic Authorization method rather than OAuth2, because the browser knows to resubmit the parameters when it gets a 401.