Dear Meysam, Thank you for your response.
I imagined the possibility of adding a bean that acts as a wrapper for that particular endpoint, but I do not know what bean I need to implement... Do you have any hint or tip of how this should be implemented? Or where I can find a documentation that talks about this process? Do you know any similar examples that I can take a look from? Thank you so much! Aleix El miércoles, 8 de noviembre de 2023 a las 4:25:45 UTC+1, Meysam Shirazi escribió: > I think you need to develop a wrapper API for profile-url like this(a > normal api):https://www.googleapis.com/oauth2/v3/userinfo, so you can get > the uid and send it in custom format to > https://api.sandbox.orcid.org/v3.0/{uid}/record > <https://api.sandbox.orcid.org/v3.0/%7Buser%7D/record>. > > On Tuesday, November 7, 2023 at 5:20:48 PM UTC+3:30 Aleix Mariné wrote: > >> So I am trying to implement ORCID authentication using three-legged OAUTH >> which uses the OAUTH2 stack. >> >> In the ORCID documentation they explain three calls that can be made >> <https://sandbox.orcid.org/developer-tools> and also there is a tutorial >> on how to get an ORCID ID authenticated >> <https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/> >> . >> expand_more*Authorize request* >> >> Provides an authorization code that can be exchanged for an access token >> and an authenticated ORCID iD. >> *Endpoint* >> >> https://sandbox.orcid.org/oauth/authorize >> *Scope* >> >> /authenticate >> *Response type* >> >> code >> >> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE >> >> WITH REDIRECT URI >> expand_more*Token request* >> >> Provides an authenticated ORCID iD and an access token that can be used >> to read public information on the record. >> *Endpoint* >> >> https://sandbox.orcid.org/oauth/token >> *Response type* >> >> access token and ORCID iD >> curl -i -L -k -H 'Accept: application/json' --data >> 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE >> >> WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' >> https://sandbox.orcid.org/oauth/token >> expand_more*OpenID/Implicit request* >> >> Provides an access token that can be used to read public information on >> the record and an id_token using OpenID Connect and client-side only >> implicit OAuth. More information on OpenID Connect Endpoint >> <https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md> >> *Endpoint* >> >> https://sandbox.orcid.org/oauth/token >> *Scope* >> >> openid >> *Response type* >> >> token >> >> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE >> >> WITH REDIRECT URI >> >> In my CAS I put this properties: >> cas.authn.pac4j.oauth2[0].clientName=ORCID >> cas.authn.pac4j.oauth2[0].profileVerb=GET >> cas.authn.pac4j.oauth2[0].secret=secretID >> cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L >> cas.authn.pac4j.oauth2[0].auth-url= >> https://sandbox.orcid.org/oauth/authorize >> cas.authn.pac4j.oauth2[0].scope=/authenticate >> cas.authn.pac4j.oauth2[0].token-url=https://sandbox.orcid.org/oauth/token >> cas.authn.pac4j.oauth2[0].profile-url= >> https://api.sandbox.orcid.org/v3.0/{user}/record >> >> cas.authn.pac4j.oauth2[0].customParams.response_type=code >> cas.authn.pac4j.oauth2[0].customParams.client_id=code >> cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone >> cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L >> cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address >> >> The problem comes from the property token-url. In order to retrieve the >> data of the user, I need to do an API request to the direction >> https://api.sandbox.orcid.org/v3.0/{user}/record , the problem is that I >> do not know how to configure CAS to substitute {user} with the User ID that >> is trying to log in. >> For example, let's say that the user 0009-0005-6065-7965 tries to log in. >> Then to retrieve their data I would do a request to >> https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record . >> I am also not really sure if I really need to use the user record >> endpoint, since the token request also returns information of the user, but >> I also do not know how to capture and manipulate that information. >> In practise, my CAS works alogside my application, offering the ORCID ID >> as one of the login methods. The redirection to the ORCID service, the >> login and the redirection back to CAS works good, the problem comes from >> capturing data when the ORCID login goes back to CAS. >> So I would like to know: >> - Do I really need to set and use the profile-url? If it is true, how can >> I make understand CAS that needs to substitute {user} with the ORCID ID of >> the user that is trying to log in? >> - Do I really need to capture certain values from the request to perform >> the authentication? How can I retrieve custom values from the request >> answer? >> Thank you so much for your help! >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/76909428-6fe0-42b5-86db-c81f944ba777n%40apereo.org.
