Transparency and trust are core ORCID values. We require that systems collect ORCID iDs using an authorization process, so users can give explicit permission to obtain their ORCID iD and can also approve updates of their record.
From today, ORCID users will notice a small but important change to our authorization (OAuth) process. We have split the process into two steps: register/sign-in and permissions. This makes the authorization process clearer to our users and is consistent with the user experience on other highly-used platforms such as Google or LinkedIn.
Previously, the authorization page contained two separate elements – registration or sign-in and authorization – on a single page (Fig. 1).
.png)
Fig. 1: Single page ORCID authorization
In the new workflow, each of these elements will have a dedicated page. First, the user is asked to register or sign in to ORCID. Second, s/he is asked to authorize or deny permission for the specific access type(s) being requested by the organization (Fig. 2).
.png)
.png)
Fig. 2: Two-page ORCID authorization
This update will require no technical actions by organizations who already have an active integration, but organizations that provide ORCID guides or other documentation may need to update their visuals and/or explanation of the authorization steps to account for the new format.
We welcome your feedback on this new feature; if you have any issues or questions about the new authorization workflow, please contact us.