> Does anybody here have experience implementing ORCID authentication, and if so, then what are some of the gotchas I ought be aware of?
>
> I am thinking about creating a public service. While people will be able to use much of the service sans authentication, the system's complete > set of features will only be accessible after authentication. I don't need nor want to store usernames or passwords. Yuck and scary. Moreover, > people don't need YAUAPC (Yet Another Username And Password Combination). I think ORCID may be a good way for me to enable people to > authenticate. Provide people with a link, they authenticate via ORCID, I get a unique identifier for the person, and I know they are not some > sort of robot. Moreover, based on the content of the resulting ORCID ID, I might be able to provide enhanced services of some kind.
We implemented a webservice to authenticate against with multiple identity providers (ORCID, GitHub, Wikimedia, StackExchange, LDAP...):
https://github.com/gbv/login-server#providers
You can try out the service integrated an a web application at https://coli-conc.gbv.de/cocoda/app/ or independently at https://coli-conc.gbv.de/login/ and of course it's all open source.
Cheers,
Jakob
|