I think you need to develop a wrapper API for profile-url like this (a 
normal API): https://www.googleapis.com/oauth2/v3/userinfo, so you can get 
the uid and send it in custom format to 
https://api.sandbox.orcid.org/v3.0/{uid}/record 
<https://api.sandbox.orcid.org/v3.0/%7Buser%7D/record>. 

On Tuesday, November 7, 2023 at 5:20:48 PM UTC+3:30 Aleix Mariné wrote:

> So I am trying to implement ORCID authentication using three-legged OAUTH 
> which uses the OAUTH2 stack. 
>
> In the ORCID documentation they explain three calls that can be made 
> <https://sandbox.orcid.org/developer-tools> and also there is a tutorial 
> on how to get an ORCID ID authenticated 
> <https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/>
> .
> *Authorize request*
>
> Provides an authorization code that can be exchanged for an access token 
> and an authenticated ORCID iD.
> *Endpoint*
>
> https://sandbox.orcid.org/oauth/authorize
> *Scope*
>
> /authenticate
> *Response type*
>
> code
>
> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE WITH REDIRECT URI
> *Token request*
>
> Provides an authenticated ORCID iD and an access token that can be used to 
> read public information on the record.
> *Endpoint*
>
> https://sandbox.orcid.org/oauth/token
> *Response type*
>
> access token and ORCID iD
> curl -i -L -k -H 'Accept: application/json' --data 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' https://sandbox.orcid.org/oauth/token
> *OpenID/Implicit request*
>
> Provides an access token that can be used to read public information on 
> the record and an id_token using OpenID Connect and client-side only 
> implicit OAuth. More information on OpenID Connect Endpoint 
> <https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md>
> *Endpoint*
>
> https://sandbox.orcid.org/oauth/token
> *Scope*
>
> openid
> *Response type*
>
> token
>
> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE WITH REDIRECT URI
>
> In my CAS I put these properties:
> cas.authn.pac4j.oauth2[0].clientName=ORCID
> cas.authn.pac4j.oauth2[0].profileVerb=GET
> cas.authn.pac4j.oauth2[0].secret=secretID
> cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L
> cas.authn.pac4j.oauth2[0].auth-url=https://sandbox.orcid.org/oauth/authorize
> cas.authn.pac4j.oauth2[0].scope=/authenticate
> cas.authn.pac4j.oauth2[0].token-url=https://sandbox.orcid.org/oauth/token
> cas.authn.pac4j.oauth2[0].profile-url=https://api.sandbox.orcid.org/v3.0/{user}/record
>
> cas.authn.pac4j.oauth2[0].customParams.response_type=code
> cas.authn.pac4j.oauth2[0].customParams.client_id=code
> cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone
> cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L
> cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address
>
> The problem comes from the property token-url. In order to retrieve the 
> data of the user, I need to do an API request to the direction 
> https://api.sandbox.orcid.org/v3.0/{user}/record , the problem is that I 
> do not know how to configure CAS to substitute {user} with the User ID that 
> is trying to log in. 
> For example, let's say that the user 0009-0005-6065-7965 tries to log in. 
> Then to retrieve their data I would do a request to 
> https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record . 
> I am also not really sure if I really need to use the user record 
> endpoint, since the token request also returns information of the user, but 
> I also do not know how to capture and manipulate that information. 
> In practice, my CAS works alongside my application, offering the ORCID ID 
> as one of the login methods. The redirection to the ORCID service, the 
> login and the redirection back to CAS work well; the problem comes from 
> capturing data when the ORCID login goes back to CAS.
> So I would like to know:
> - Do I really need to set and use the profile-url? If it is true, how can 
> I make CAS understand that it needs to substitute {user} with the ORCID ID of 
> the user that is trying to log in?
> - Do I really need to capture certain values from the request to perform 
> the authentication? How can I retrieve custom values from the request 
> answer?
> Thank you so much for your help!
>
>
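
The {user} substitution discussed in this thread, and the wrapper suggested in the reply, both come down to taking the authenticated iD from the token response and placing it into the record URL. The sketch below is an added example, not code from CAS, pac4j, ORCID or either poster; it assumes the token response is JSON carrying the iD in an "orcid" field, and the function names are hypothetical. It checks the iD's format and ISO 7064 MOD 11-2 check character before building the URL, so a malformed value cannot change the request path.

```python
import json
import re
from urllib.parse import quote

# Template from the thread; {user} is replaced with the authenticated ORCID iD.
RECORD_URL_TEMPLATE = "https://api.sandbox.orcid.org/v3.0/{user}/record"
ORCID_ID_RE = re.compile(r"[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9X]")


def orcid_check_char(base_digits: str) -> str:
    """ISO 7064 MOD 11-2 check character for the first 15 digits of an iD."""
    total = 0
    for ch in base_digits:
        total = (total + int(ch)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)


def is_valid_orcid_id(value) -> bool:
    """True only for a well-formed iD whose check character matches."""
    if not isinstance(value, str) or not ORCID_ID_RE.fullmatch(value):
        return False
    digits = value.replace("-", "")
    return orcid_check_char(digits[:15]) == digits[15]


def record_url_from_token_response(body: str) -> str:
    """Build the record URL (assumption: iD is in the "orcid" JSON field)."""
    data = json.loads(body)
    orcid_id = data.get("orcid") if isinstance(data, dict) else None
    if not is_valid_orcid_id(orcid_id):
        raise ValueError("token response has no valid ORCID iD")
    # The value is already limited to digits, '-' and 'X'; quote() is defence
    # in depth so nothing can add a path segment or query string.
    return RECORD_URL_TEMPLATE.format(user=quote(orcid_id, safe=""))


# Constructed sample token response: all values are made up except the iD,
# which is the example iD used in the thread.
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "access_token": "00000000-0000-0000-0000-000000000000",
    "token_type": "bearer",
    "scope": "/authenticate",
    "orcid": "0009-0005-6065-7965",
})

if __name__ == "__main__":
    print(record_url_from_token_response(SAMPLE_TOKEN_RESPONSE))
```
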
