Anyone with public or member API credentials can receive a /read-public access token. To obtain a token, you make a call to the ORCID API token endpoint. This process is often referred […]
Authentication and OAuth
How do I get a “/read-limited” access token?
To obtain /read-limited access, you must ask the researcher for permission. You do this using OAuth. Specifically, “3 legged OAuth“. For more information please see our API Tutorial: Read data […]
How does “3 legged OAuth” work?
ORCID integrations use “3 legged OAuth” to authenticate users and request permission to interact with their records. Any integration can ask for read permissions using the Public API. ORCID members […]
What is an OAuth scope, and which scopes does ORCID support?
When requesting permission to interact with an ORCID user’s record, you specify one or more ‘scopes’. Each scope allows you to do certain things, such as read the record, or […]
How do I force a user to logout?
If you are concerned with multiple users being on the same machine and not signing out between sessions, you can force them to re-authenticate during the OAuth process. Simply include prompt=login in […]
What display languages does ORCID support?
Users can change their display language on their own at any point. The following language settings are available: Language Code عربى (Arabic) ar čeština (Czeck) cs English en Español (Spanish) […]
What information can I pre-fill on the authentication screen?
Any or all of the parameters can be used: Parameter Field Notes given_names Given name The first name field will be filled in on the registration form if a specified email address or ORCID […]
When is authorization skipped?
If an active access token already exists with the same scopes that your OAuth authorization URL requests, and the user is signed into their ORCID record, they will not be […]
How does implicit OAuth work?
Implicit OAuth is a lighter weight version of OAuth designed to be used by systems that do not have, or do not want to use server side components. Implicit OAuth […]
How do redirect URIs work?
What are redirect URIs and how are they used?Redirect URIs are used by our OAuth authentication service as a security measure. ORCID will only send authenticating users to URIs registered […]