OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It supplements existing OAuth authentication flows and provides information about users to clients in a […]
Authentication and OAuth
Integration best practices
To ensure that you build the best possible integration for your institution, your researchers, and the wider community, we recommend that you consider the following best practices:
Does ORCID support two-factor authentication?
ORCID allows users to enable Two-factor authentication (2FA) on their ORCID account. 2FA is a secondary security check made during the sign-in process. It provides additional confirmation that the user […]
How long do access tokens last?
In keeping with our commitment to researcher control of their ORCID record, the record holder can choose to revoke any access token at any time by deleting it from permissions […]
Does ORCID provide an OAuth Java Script widget?
ORCID provides a simple Java Script widget that can be used to obtain authenticated ORCID iDs using OAuth with OpenID Connect. Please note that the widget uses implicit OAuth, so […]