So I am trying to implement ORCID authentication using three-legged OAUTH 
which uses the OAUTH2 stack. 

In the ORCID documentation they explain three calls that can be made 
<https://sandbox.orcid.org/developer-tools> and also there is a tutorial on how 
to get an ORCID ID authenticated 
<https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/>.
*Authorize request*

Provides an authorization code that can be exchanged for an access token 
and an authenticated ORCID iD.
Endpoint: https://sandbox.orcid.org/oauth/authorize
Scope: /authenticate
Response type: code
https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE WITH REDIRECT URI

*Token request*

Provides an authenticated ORCID iD and an access token that can be used to 
read public information on the record.
Endpoint: https://sandbox.orcid.org/oauth/token
Response type: access token and ORCID iD
curl -i -L -k -H 'Accept: application/json' --data 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' https://sandbox.orcid.org/oauth/token

*OpenID/Implicit request*

Provides an access token that can be used to read public information on the 
record and an id_token using OpenID Connect and client-side only implicit 
OAuth. More information on OpenID Connect Endpoint 
<https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md>
Endpoint: https://sandbox.orcid.org/oauth/token
Scope: openid
Response type: token
https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE WITH REDIRECT URI

In my CAS I put these properties:
cas.authn.pac4j.oauth2[0].clientName=ORCID
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].secret=secretID
cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L
cas.authn.pac4j.oauth2[0].auth-url=https://sandbox.orcid.org/oauth/authorize
cas.authn.pac4j.oauth2[0].scope=/authenticate
cas.authn.pac4j.oauth2[0].token-url=https://sandbox.orcid.org/oauth/token
cas.authn.pac4j.oauth2[0].profile-url=https://api.sandbox.orcid.org/v3.0/{user}/record

cas.authn.pac4j.oauth2[0].customParams.response_type=code
cas.authn.pac4j.oauth2[0].customParams.client_id=code
cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone
cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L
cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address

The problem comes from the property token-url. In order to retrieve the 
data of the user, I need to do an API request to the address 
https://api.sandbox.orcid.org/v3.0/{user}/record , the problem is that I do 
not know how to configure CAS to substitute {user} with the User ID that is 
trying to log in. 
For example, let's say that the user 0009-0005-6065-7965 tries to log in. 
Then to retrieve their data I would do a request to 
https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record . 
I am also not really sure if I really need to use the user record endpoint, 
since the token request also returns information about the user, but I also do 
not know how to capture and manipulate that information. 
In practice, my CAS works alongside my application, offering the ORCID ID as 
one of the login methods. The redirection to the ORCID service, the login 
and the redirection back to CAS work well; the problem comes from 
capturing data when the ORCID login goes back to CAS.
So I would like to know:
- Do I really need to set and use the profile-url? If so, how can I 
make CAS understand that it needs to substitute {user} with the ORCID ID of 
the user that is trying to log in?
- Do I really need to capture certain values from the request to perform 
the authentication? How can I retrieve custom values from the 
response?
Thank you so much for your help!

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2a93ec5a-d5c8-407c-ba8f-308356f9c522n%40apereo.org.
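The authorize/token flow quoted from the ORCID documentation above, as an added example that is not part of the original post or of CAS/pac4j: it builds the authorize URL with a per-login state value, checks that state on the callback, and takes the ORCID iD from the token response so it can be substituted for {user} in the record URL. The token response field name `orcid`, the callback URL in the test and the token response JSON are assumptions or constructed sample data, and the iD is checked for format and ISO 7064 checksum before it is placed in a URL.

```python
import json
import re
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://sandbox.orcid.org/oauth/authorize"
API_BASE = "https://api.sandbox.orcid.org/v3.0"
ORCID_RE = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{3}[\dX]$")

def build_authorize_url(client_id, redirect_uri, state):
    """Step 1: URL the browser is sent to; state is a random per-login value checked on return."""
    query = {"client_id": client_id, "response_type": "code", "scope": "/authenticate",
             "redirect_uri": redirect_uri, "state": state}
    return AUTH_URL + "?" + urlencode(query)

def parse_callback(callback_url, expected_state):
    """Step 2: take the code from the redirect back, refusing a callback whose state does not match."""
    params = parse_qs(urlparse(callback_url).query)
    if params.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to the login we started")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]

def orcid_checksum_ok(orcid_id):
    """ISO 7064 MOD 11-2 check digit, as used by ORCID iDs (last character may be X)."""
    digits = orcid_id.replace("-", "")
    total = 0
    for d in digits[:-1]:
        total = (total + int(d)) * 2
    expected = (12 - total % 11) % 11
    return digits[-1] == ("X" if expected == 10 else str(expected))

def orcid_from_token_response(body):
    """Step 3: the token endpoint's answer carries the access token and the ORCID iD.
    The field name 'orcid' is an assumption; the iD is validated before any use in a URL."""
    data = json.loads(body)
    orcid_id = data.get("orcid", "")
    if not ORCID_RE.match(orcid_id) or not orcid_checksum_ok(orcid_id):
        raise ValueError("token response did not carry a valid ORCID iD")
    return orcid_id, data["access_token"]

def record_url(orcid_id):
    """Fill the {user} placeholder from the question, with a validated iD only."""
    return f"{API_BASE}/{orcid_id}/record"

# Constructed sample token response (made-up values, not real credentials).
SAMPLE_TOKEN_RESPONSE = json.dumps({"access_token": "sample-access-token", "token_type": "bearer",
                                    "scope": "/authenticate", "orcid": "0009-0005-6065-7965"})
```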