Added Globus as an identity provider

* Globus Login work for any provider Globus Auth supports
* Added tests, coverage of new code is 100%
* Added Sphinx docs

docs/examplesapp.rst

@@ -45,3 +45,10 @@ CERN
 .. include:: ../examples/cern_app.py
    :start-after: SPHINX-START
    :end-before: SPHINX-END
+
+Globus
+------
+
+.. include:: ../examples/globus_app.py
+   :start-after: SPHINX-START
+   :end-before: SPHINX-END

docs/usage.rst

@@ -40,6 +40,10 @@ CERN
 
 .. automodule:: invenio_oauthclient.contrib.cern
 
+Globus
+------
+.. automodule:: invenio_oauthclient.contrib.globus
+
 Advanced
 --------
 

examples/globus_app.py

@@ -0,0 +1,155 @@
+# -*- coding: utf-8 -*-
+#
+# This file is part of Invenio.
+# Copyright (C) 2015, 2016, 2017 CERN.
+#
+# Invenio is free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of the
+# License, or (at your option) any later version.
+#
+# Invenio is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Invenio; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston,
+# MA 02111-1307, USA.
+#
+# In applying this license, CERN does not
+# waive the privileges and immunities granted to it by virtue of its status
+# as an Intergovernmental Organization or submit itself to any jurisdiction.
+
+r"""Minimal Flask application example for development with globus handler.
+
+SPHINX-START
+
+1. Register a Globus application at `https://developers.globus.org/` with the
+   `Redirect URL` as `http://localhost:5000/oauth/authorized/globus/`. See
+   here for more documentation:
+   `https://docs.globus.org/api/auth/developer-guide/#register-app`
+
+
+2. Grab the *Client ID* and *Client Secret* after registering the application
+   and add them to your instance configuration as `consumer_key` and
+   `consumer_secret`.
+
+   .. code-block:: console
+
+       $ export GLOBUS_APP_CREDENTIALS_KEY=my_globus_client_id
+       $ export GLOBUS_APP_CREDENTIALS_SECRET=my_globus_client_secret
+
+3. Create database and tables:
+
+   .. code-block:: console
+
+       $ cdvirtualenv src/invenio-oauthclient
+       $ pip install -e .[all]
+       $ cd examples
+       $ export FLASK_APP=globus_app.py
+       $ ./app-setup.py
+
+You can find the database in `examples/globus_app.db`.
+
+4. Run the development server:
+
+   .. code-block:: console
+
+       $ flask run -p 5000 -h '0.0.0.0'
+
+5. Open in a browser the page `http://localhost:5000/globus`.
+
+   You will be redirected to globus to authorize the application.
+
+   Click on `Allow` and you will be redirected back to
+   `http://localhost:5000/oauth/signup/globus/`, where you will be able to
+   finalize the local user registration.
+
+6. To clean up and drop tables:
+
+   .. code-block:: console
+
+       $ ./app-teardown.sh
+
+SPHINX-END
+
+"""
+
+from __future__ import absolute_import, print_function
+
+import os
+
+from flask import Flask, redirect, url_for
+from flask_babelex import Babel
+from flask_login import current_user
+from flask_menu import Menu as FlaskMenu
+from flask_oauthlib.client import OAuth as FlaskOAuth
+from invenio_accounts import InvenioAccounts
+from invenio_accounts.views import blueprint as blueprint_user
+from invenio_db import InvenioDB
+from invenio_mail import InvenioMail
+from invenio_userprofiles import InvenioUserProfiles
+from invenio_userprofiles.views import \
+    blueprint_ui_init as blueprint_userprofile_init
+
+from invenio_oauthclient import InvenioOAuthClient
+from invenio_oauthclient.contrib import globus
+from invenio_oauthclient.views.client import blueprint as blueprint_client
+from invenio_oauthclient.views.settings import blueprint as blueprint_settings
+
+# [ Configure application credentials ]
+GLOBUS_APP_CREDENTIALS = dict(
+    consumer_key=os.environ.get('GLOBUS_APP_CREDENTIALS_KEY'),
+    consumer_secret=os.environ.get('GLOBUS_APP_CREDENTIALS_SECRET'),
+)
+
+# Create Flask application
+app = Flask(__name__)
+
+app.config.update(
+    SQLALCHEMY_DATABASE_URI=os.environ.get(
+        'SQLALCHEMY_DATABASE_URI', 'sqlite:///globus_app.db'
+    ),
+    OAUTHCLIENT_REMOTE_APPS=dict(
+        globus=globus.REMOTE_APP,
+    ),
+    GLOBUS_APP_CREDENTIALS=GLOBUS_APP_CREDENTIALS,
+    DEBUG=True,
+    SECRET_KEY='TEST',
+    SQLALCHEMY_ECHO=False,
+    SECURITY_PASSWORD_SALT='security-password-salt',
+    MAIL_SUPPRESS_SEND=True,
+    TESTING=True,
+    USERPROFILES_EXTEND_SECURITY_FORMS=True,
+)
+
+Babel(app)
+FlaskMenu(app)
+InvenioDB(app)
+InvenioAccounts(app)
+InvenioUserProfiles(app)
+FlaskOAuth(app)
+InvenioOAuthClient(app)
+InvenioMail(app)
+
+app.register_blueprint(blueprint_user)
+app.register_blueprint(blueprint_client)
+app.register_blueprint(blueprint_settings)
+app.register_blueprint(blueprint_userprofile_init)
+
+
+@app.route('/')
+def index():
+    """Homepage."""
+    return 'Home page (without any restrictions)'
+
+
+@app.route('/globus')
+def globus():
+    """Try to print user email or redirect to login with globus."""
+    if not current_user.is_authenticated:
+        return redirect(url_for('invenio_oauthclient.login',
+                                remote_app='globus'))
+    return 'hello {}'.format(current_user.email)