Authentication and OAuth

ORCID provides a simple Java Script widget that can be used to obtain authenticated ORCID iDs using OAuth with OpenID Connect. Please note that the widget uses implicit OAuth, so does not collect any write permissions. This means it is not suitable for member integrations that wish to update records. Please see our tutorial for Continue Reading

In keeping with our commitment to researcher control of their ORCID record, the record holder can choose to revoke any access token at any time by deleting it from permissions in the Trusted Organization list under their Account Settings. As of 2018, researchers can only grant long-lived access tokens which last for 20 years unless the user revokes Continue Reading

ORCID allows users to enable Two-factor authentication (2FA) on their ORCID account. 2FA is a secondary security check made during the sign-in process. It provides additional confirmation that the user is indeed the person signing into an ORCID account. For more information relating to how this can be configured for users please see our KB article. Continue Reading

To ensure that you build the best possible integration for your institution, your researchers, and the wider community, we recommend that you consider the following best practices: Customize the user experience: Use data your system has stored to pre-fill the OAuth sign in/registration screen. You can also include state parameters to identify the user in Continue Reading

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It supplements existing OAuth authentication flows and provides information about users to clients in a well described manner. OpenID connect is a standardised way of implementing OAuth and sharing information about authenticated users. It will now be possible to configure Continue Reading