Table of contents
ORCID provides mechanisms which allow users to sign-in into your product or service using their ORCID credentials, link their ORCID accounts with their local accounts on your system, and or provide you with their authenticated ORCID iDs. These guidelines give information on the user experience you should provide when integrating these workflows.
These workflows are achieved using the OAuth2 protocol, which has a detailed API tutorial. You can also customize the ORCID sign in screen to meet your needs if desired.
Explaining ORCID
Your users may not be familiar with ORCID. Giving a short introduction to ORCID and an accompanying link to the website (orcid.org) can help break the ice. We suggest using the following to familiarize your users with the benefits of ORCID and to encourage them to use their ORCID to sign in to your system.
“ORCID is a free, unique, persistent identifier (PID) for individuals to use as they engage in research, scholarship, and innovation activities. It can also help you save time when you use your ORCID to sign into systems like this one. Learn more about how ORCID helps you spend more time conducting your research and less time managing it. Learn more at orcid.org”
It is also very important to explain the benefits of signing in with ORCID, allowing you to collect their authenticated ORCID IDs, or link their ORCID accounts with your system.
Use buttons and links to let users easily sign in with ORCID, provide you with their authenticated ORCID ID and/or link their ORCID account with their local account. Collecting authenticated ORCID IDs ensures that you receive the correct ORCID iD, preventing errors that can occur when users manually type in their ORCID identifier. The workflow looks like this:
The URL included in your button or link initiates the OAuth flow, sending the user to ORCID and prompting them to sign into their ORCID account. Once the user has signed into their ORCID account, they are able to authorize your application to grant permission to your application has requested to access their ORCID record. Control is then returned to your application with a token which enables you to access the user’s ORCID record via our APIs.
Button and link styling
Buttons and links connecting to ORCID should use the ORCID iD icon, which can be obtained from our Brand Library. ORCID iD icons must be used as provided, and must not be changed or altered in any way, as stated in our Brand Guidelines. Make sure that the button or link text clearly describes what will happen when it is clicked or selected.
Button examples
Link examples
ORCID sign in screens
ORCID sign in screens can be displayed either as fixed-size popup windows or by using a simple link to our service that then returns the user to your own.
We don’t support embedded sign in forms or forms contained in an iFrame.
Fixed-size popup windows
If you are displaying the ORCID sign in screen in a popup window then be sure to trigger the event by user action to avoid popup blocker issues. The simplest method for doing this is to use the JavaScript onclick()
event to trigger the window.open()
method.
Always show the full page URL in the popup window’s address bar. A readable URL helps to reassure users that the window or page is genuine, is located on the official orcid.org domain, and that they are where they expected to be.
Remember that your redirect URI call will also be displayed inside this popup window. Make sure your content and formatting are appropriately styled and sized.
Sign in screen dimensions
- Minimum dimensions – 500px x 600px
- Optimal dimensions – 540px x 700px
Always include vertical scroll bars for fixed size popup or modal windows as the height of the content on the sign in screen can vary.
Customizing the sign in experience
ORCID provides the ability to customize the ORCID sign in screen to meet your needs if desired. For example, pre-populating user details or pre-selecting the language used.
Completing the sign in process
Once the user has completed the sign in process using a popup and returned to your system you should either:
- close the ORCID sign in window automatically
- provide a clear button to manually close the OAuth window
OAuth redirect pages
You will need to create your own redirect page in order to send users back to your site after OAuth authentication.
The page should make it clear that their ORCID record has been successfully connected and that they will now be automatically redirected back to the submitting service.