In keeping with our commitment to researcher control of their ORCID record, the record holder can choose to revoke any access token at any time by deleting it from permissions in the Trusted Organization list under their Account Settings. As of 2018, researchers can only grant long-lived access tokens which last for 20 years unless the user revokes Continue Reading
Authentication and OAuth
Does ORCID support two-factor authentication?
ORCID allows users to enable two-factor authentication (2FA) on their ORCID account. 2FA is a secondary security check made during the sign-in process. It provides additional confirmation that the user is indeed the person signing into an ORCID account. For more information on how users can configure this, please see our KB article. Continue Reading
Integration best practices
To ensure that you build the best possible integration for your institution, your researchers, and the wider community, we recommend that you consider the following best practices: Customize the user experience: Use data your system has stored to pre-fill the OAuth sign-in/registration screen. You can also include state parameters to identify the user in Continue Reading
What is OpenID?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It supplements existing OAuth authentication flows and provides information about users to clients in a well-described manner. OpenID Connect is a standardised way of implementing OAuth and sharing information about authenticated users. It will now be possible to configure Continue Reading
How do redirect URIs work?
There are different options for registering redirect URIs with your client credentials. Please note that all redirect URIs for your production credentials need to be https. Register all redirect URIs fully: This is what is encouraged on the registration form and is what most third parties do. Register just the host name: If the client app is registered Continue Reading