MUG: add optional CyVerse Keycloak provider (#52)

Author: lpandath

themes/MUG/invenio.cfg

@@ -384,14 +384,28 @@ _keycloak_helper = KeycloakSettingsHelper(
     legacy_url_path=False
 )
 
+_cyverse_keycloak_helper = KeycloakSettingsHelper(
+    title="CyVerse",
+    description="CyVerse",
+    base_url="https://keycloak.cyverse.at",
+    realm="CyVerse",
+    app_key="CYVERSE_KEYCLOAK_APP_CREDENTIALS",
+    legacy_url_path=False,
+)
+
 OAUTHCLIENT_KEYCLOAK_REALM_URL = _keycloak_helper.realm_url
 OAUTHCLIENT_KEYCLOAK_USER_INFO_URL = _keycloak_helper.user_info_url
 OAUTHCLIENT_KEYCLOAK_VERIFY_EXP = True  # whether to verify the expiration date of tokens
 OAUTHCLIENT_KEYCLOAK_VERIFY_AUD = True  # whether to verify the audience tag for tokens
 OAUTHCLIENT_KEYCLOAK_AUD = "inveniordm"  # probably the same as the client ID
 OAUTHCLIENT_KEYCLOAK_USER_INFO_FROM_ENDPOINT = True
 
-OAUTHCLIENT_REMOTE_APPS = {"keycloak": _keycloak_helper.remote_app}
+OAUTHCLIENT_REMOTE_APPS = {
+    "keycloak": _keycloak_helper.remote_app,
+    # Enable when needed (see docs: multiple keycloak authentication providers):
+    # "cyverse": _cyverse_keycloak_helper.remote_app,
+}
 
 ## SET THE CREDENTIALS via .env
 # INVENIO_KEYCLOAK_APP_CREDENTIALS={'consumer_key':'<YOUR.CLIENT.ID>','consumer_secret': '<YOUR.CLIENT.CREDENTIALS.SECRET>'}
+# INVENIO_CYVERSE_KEYCLOAK_APP_CREDENTIALS={'consumer_key':'<YOUR.CLIENT.ID>','consumer_secret': '<YOUR.CLIENT.CREDENTIALS.SECRET>'}