Integrate the public Orcid API to simplify person lookup for project-affiliated contacts

[sven1103]

Uses the public Orcid API to look up persons that the user might want to add as contact in a project.

[sonarqubecloud]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE

[Steffengreiner]

Just to give a quick update: This PR now works as intended, however the UI is basic and still needs to be confirmed with @Shraddha0903.

Additionally the PR was tested with orcid Sandbox Instance so this needs to be adapted to the real orcid repository.
Finally make sure to set the environment variables to the sandbox instance as required:

ORCID_API_CLIENT_ID=Your_Awesome_Application_Client_Registered_With_Sandbox_Orcid; ORCID_API_CLIENT_SECRET=Your_Awesome_Application_Secret_Registered_With_Sandbox; ORCID_AUTHORIZATION_URL=https://sandbox.orcid.org/oauth/authorize; ORCID_JWK_SET_URI=https://sandbox.orcid.org/oauth/jwks; ORCID_TOKEN_URI=https://sandbox.orcid.org/oauth/token; ORCID_USERINFO_URI=https://sandbox.orcid.org/oauth/userinfo

Open Questions include:

1.) I had to extend the project information in the database to contain the oidc information for all 3 contacts (principal investigator, project manager, person responsible). I'd rather refactor this into a seperate table, maybe in a new PR?

2.) Understanding and extending the BoundContactField is actually not trivial and we get a lot of complicated edge cases due to the Vaadin implementations. This could be refactored way easier without employing any of the Vaadin Customfield logic and just write it more basic.

3.) The Contact information was now extended to also include the oidc and oidcissuer information since some of our users have it and some don't. The question is then why we still employ 2 distinct qbicuserdetails.

4.) I also had to account for a lot of edge cases due to the HTTP responses from the orcid responses such as:

a) Special Character usage like e.g. two dashes "--" leads to a 401 response from the repository
b) Checking if the connection to the database could be made and logging errors if it doesn't
c) Invalid Entries within the sandbox instance had to be filtered (e.g. no fullname or email), Unsure if this happens in the real repository.

I really appreciate a throughout review and feedback 👍

[sven1103]

For me sanitation is a service concern, not a repository one. I would also not allow it, instead of magically removing stuff. If the user puts in weird characters, you can return an empty result.