And this property
<Property name="pac4j.log.level">warn</Property>

Ray

On Wed, 2023-11-08 at 07:44 -0800, Aleix Mariné wrote:

So, I have found this <https://apereo.atlassian.net/wiki/spaces/CASUM/pages/103261384/Configuration+for+the+OAuth+server+support> documentation that explains the inner classes used by CAS to manage the OAUTH stack. Should I reimplement this class?

h) OAuth20ProfileController (org.jasig.cas.support.oauth.web)
This controller returns a profile for the authenticated user (identifier + attributes), found with the access token (CAS granting ticket).

Do you know which methods I need to rewrite?

On Wednesday, November 8, 2023 at 15:50:22 UTC+1, Aleix Mariné wrote:

Dear Meysam,

Thank you for your response. I imagined the possibility of adding a bean that acts as a wrapper for that particular endpoint, but I do not know what bean I need to implement... Do you have any hint or tip on how this should be implemented? Or where I can find documentation that talks about this process? Do you know any similar examples that I can take a look at?

Thank you so much!

Aleix

On Wednesday, November 8, 2023 at 4:25:45 UTC+1, Meysam Shirazi wrote:

I think you need to develop a wrapper API for profile-url like this (a normal api): https://www.googleapis.com/oauth2/v3/userinfo, so you can get the uid and send it in custom format to https://api.sandbox.orcid.org/v3.0/{uid}/record <https://api.sandbox.orcid.org/v3.0/%7Buser%7D/record>.

On Tuesday, November 7, 2023 at 5:20:48 PM UTC+3:30 Aleix Mariné wrote:

So I am trying to implement ORCID authentication using three-legged OAUTH which uses the OAUTH2 stack.
In the ORCID documentation they explain three calls that can be made <https://sandbox.orcid.org/developer-tools> and also there is a tutorial on how to get an ORCID ID authenticated <https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/>.

Authorize request
Provides an authorization code that can be exchanged for an access token and an authenticated ORCID iD.
Endpoint: https://sandbox.orcid.org/oauth/authorize
Scope: /authenticate
Response type: code
https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE WITH REDIRECT URI

Token request
Provides an authenticated ORCID iD and an access token that can be used to read public information on the record.
Endpoint: https://sandbox.orcid.org/oauth/token
Response type: access token and ORCID iD
curl -i -L -k -H 'Accept: application/json' --data 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' https://sandbox.orcid.org/oauth/token

OpenID/Implicit request
Provides an access token that can be used to read public information on the record and an id_token using OpenID Connect and client-side only implicit OAuth.
More information on OpenID Connect Endpoint <https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md>
Endpoint: https://sandbox.orcid.org/oauth/token
Scope: openid
Response type: token
https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE WITH REDIRECT URI

In my CAS I put these properties:

cas.authn.pac4j.oauth2[0].clientName=ORCID
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].secret=secretID
cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L
cas.authn.pac4j.oauth2[0].auth-url=https://sandbox.orcid.org/oauth/authorize
cas.authn.pac4j.oauth2[0].scope=/authenticate
cas.authn.pac4j.oauth2[0].token-url=https://sandbox.orcid.org/oauth/token
cas.authn.pac4j.oauth2[0].profile-url=https://api.sandbox.orcid.org/v3.0/{user}/record
cas.authn.pac4j.oauth2[0].customParams.response_type=code
cas.authn.pac4j.oauth2[0].customParams.client_id=code
cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone
cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L
cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address

The problem comes from the property token-url. In order to retrieve the data of the user, I need to do an API request to the direction https://api.sandbox.orcid.org/v3.0/{user}/record, the problem is that I do not know how to configure CAS to substitute {user} with the User ID that is trying to log in. For example, let's say that the user 0009-0005-6065-7965 tries to log in. Then to retrieve their data I would do a request to https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record. I am also not really sure if I really need to use the user record endpoint, since the token request also returns information of the user, but I also do not know how to capture and manipulate that information.
In practice, my CAS works alongside my application, offering the ORCID ID as one of the login methods. The redirection to the ORCID service, the login and the redirection back to CAS work well, the problem comes from capturing data when the ORCID login goes back to CAS.

So I would like to know:

- Do I really need to set and use the profile-url? If it is true, how can I make CAS understand that it needs to substitute {user} with the ORCID ID of the user that is trying to log in?
- Do I really need to capture certain values from the request to perform the authentication? How can I retrieve custom values from the request answer?

Thank you so much for your help!
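
As an added illustration of the {user} substitution asked about in this thread (not code from CAS, pac4j, ORCID or any poster): a Python example of what a wrapper for the profile call has to do with the token response, namely read the ORCID iD from it, validate it (format plus ISO 7064 MOD 11-2 check character) before it goes into the URL path, and build the record request. It assumes the token response is JSON carrying `orcid` and `access_token` fields and that the record API accepts a Bearer token; the function names and the sample response are constructed for the example.

```python
import json
import re
from urllib.parse import quote

# profile-url template exactly as configured in the thread.
PROFILE_URL = "https://api.sandbox.orcid.org/v3.0/{user}/record"
# ASCII digits only: \d would also accept non-ASCII digit characters.
ORCID_RE = re.compile(r"[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9X]")


def orcid_check_char(base15: str) -> str:
    """ISO 7064 MOD 11-2 check character over the first 15 digits."""
    total = 0
    for ch in base15:
        total = (total + int(ch)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)


def is_valid_orcid(value) -> bool:
    """True only for a hyphenated 16-character iD with a correct check character."""
    if not isinstance(value, str) or not ORCID_RE.fullmatch(value):
        return False
    digits = value.replace("-", "")
    return orcid_check_char(digits[:15]) == digits[15]


def profile_request(token_response: str):
    """Return (url, headers) for the record call; raise ValueError otherwise."""
    body = json.loads(token_response)  # JSONDecodeError is a ValueError
    if not isinstance(body, dict):
        raise ValueError("token response is not a JSON object")
    orcid, token = body.get("orcid"), body.get("access_token")
    if not is_valid_orcid(orcid):
        # Never place an unvalidated value into the URL path.
        raise ValueError("no well-formed ORCID iD in token response")
    if not isinstance(token, str) or not token:
        raise ValueError("no access token in token response")
    url = PROFILE_URL.replace("{user}", quote(orcid, safe="-"))
    return url, {"Accept": "application/json", "Authorization": f"Bearer {token}"}


# Constructed sample token response: placeholder token, iD quoted in the thread.
SAMPLE = json.dumps({"access_token": "EXAMPLE-ACCESS-TOKEN", "token_type": "bearer",
                     "scope": "/authenticate", "orcid": "0009-0005-6065-7965"})

if __name__ == "__main__":
    print(profile_request(SAMPLE)[0])
```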