If you are concerned with multiple users being on the same machine and not signing out between sessions, you can force them to re-authenticate during the OAuth process. Simply include prompt=login
in the OAuth request. You can also set a max_age in seconds to force users to re-authenticate if their session is over a certain length. See our OpenID Connect documentation for more details.
You can also sign users out of ORCID programatically using an ajax request to https://orcid.org/userStatus.json?logUserOut=true
. Please do not use iframes for this purpose. A working example of this is at http://orcid.github.io/test/log-user-out-jsonp.html. View the page source to see how the sign-out is called as a script on that page.
If you wish to link to our signout page so that users can visit it, it is at https://orcid.org/signout
. Again, please do not try to use this in an iframe.