Hi Eric,
I use ORCID authentication via OpenID Connect in a WordPress site. The main gotcha is that ORCID doesn't provide the user's email address in an OIDC-standard way, whereas WordPress says it requires an email address for each user. Even if a user has a public email address, you can only get it through the ORCID profile API (or you'd have to persuade the user to complete their profile manually). I haven't gone through this trouble and haven't had real issues, but other applications may be more strict.
Another gotcha is that as a normal ORCID user, you can only have one registered application (API key and secret). This application can have multiple redirect URIs, so it might not affect you directly.
Hope this helps.
Ben
On 24-09-20, 03:50, "Code for Libraries on behalf of Eric Lease Morgan" <[log in to unmask] on behalf of [log in to unmask]> wrote:
Does anybody here have experience implementing ORCID authentication, and if so, then what are some of the gotchas I ought be aware of?
I am thinking about creating a public service. While people will be able to use much of the service sans authentication, the system's complete set of features will only be accessible after authentication. I don't need nor want to store usernames or passwords. Yuck and scary. Moreover, people don't need YAUAPC (Yet Another Username And Password Combination). I think ORCID may be a good way for me to enable people to authenticate. Provide people with a link, they authenticate via ORCID, I get a unique identifier for the person, and I know they are not some sort of robot. Moreover, based on the content of the resulting ORCID ID, I might be able to provide enhanced services of some kind.
Have y'll done something like this? If so, then what was your experience?
--
Eric Lease Morgan
University of Notre Dame
