I don't recommend implementing OAuth20ProfileController (your link is too old anyway); I just suggest developing a wrapper for the delegated OAuth profile API (https://api.sandbox.orcid.org/v3.0/{user}/record).

On Wednesday, November 8, 2023 at 11:59:58 PM UTC+3:30 Ray Bon wrote:

> And this property
>
> <Property name="pac4j.log.level">warn</Property>
>
> Ray
>
> On Wed, 2023-11-08 at 07:44 -0800, Aleix Mariné wrote:
>
> So, I have found this
> <https://apereo.atlassian.net/wiki/spaces/CASUM/pages/103261384/Configuration+for+the+OAuth+server+support>
> documentation that explains the inner classes used by CAS to manage the
> OAUTH stack.
>
> Should I reimplement this class?
>
> h) OAuth20ProfileController (org.jasig.cas.support.oauth.web)
> This controller returns a profile for the authenticated user (identifier +
> attributes), found with the access token (CAS granting ticket).
>
> Do you know which methods I need to rewrite?
>
> On Wednesday, November 8, 2023 at 15:50:22 UTC+1, Aleix Mariné wrote:
>
> Dear Meysam,
>
> Thank you for your response.
>
> I imagined the possibility of adding a bean that acts as a wrapper for
> that particular endpoint, but I do not know what bean I need to
> implement... Do you have any hint or tip on how this should be implemented?
> Or where I can find documentation that talks about this process? Do you
> know any similar examples that I can take a look at?
>
> Thank you so much!
>
> Aleix
>
> On Wednesday, November 8, 2023 at 4:25:45 UTC+1, Meysam Shirazi wrote:
>
> I think you need to develop a wrapper API for profile-url like this (a
> normal API): https://www.googleapis.com/oauth2/v3/userinfo, so you can get
> the uid and send it in custom format to
> https://api.sandbox.orcid.org/v3.0/{uid}/record
> <https://api.sandbox.orcid.org/v3.0/%7Buser%7D/record>.
>
> On Tuesday, November 7, 2023 at 5:20:48 PM UTC+3:30 Aleix Mariné wrote:
>
> So I am trying to implement ORCID authentication using three-legged OAUTH,
> which uses the OAUTH2 stack.
>
> In the ORCID documentation they explain three calls that can be made
> <https://sandbox.orcid.org/developer-tools> and there is also a tutorial
> on how to get an authenticated ORCID iD
> <https://info.orcid.org/documentation/api-tutorials/api-tutorial-get-and-authenticated-orcid-id/>.
>
> *Authorize request*
>
> Provides an authorization code that can be exchanged for an access token
> and an authenticated ORCID iD.
>
> *Endpoint*
> https://sandbox.orcid.org/oauth/authorize
>
> *Scope*
> /authenticate
>
> *Response type*
> code
>
> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=code&scope=/authenticate&redirect_uri=REPLACE WITH REDIRECT URI
>
> *Token request*
>
> Provides an authenticated ORCID iD and an access token that can be used to
> read public information on the record.
>
> *Endpoint*
> https://sandbox.orcid.org/oauth/token
>
> *Response type*
> access token and ORCID iD
>
> curl -i -L -k -H 'Accept: application/json' --data 'client_id=APP-UL39T4BGTQ3TNB4L&client_secret=187854af-f113-43da-8de5-eeed661aacce&grant_type=authorization_code&redirect_uri=REPLACE WITH REDIRECT URI&code=REPLACE WITH OAUTH CODE' https://sandbox.orcid.org/oauth/token
>
> *OpenID/Implicit request*
>
> Provides an access token that can be used to read public information on
> the record and an id_token using OpenID Connect and client-side only
> implicit OAuth.
> More information on OpenID Connect Endpoint
> <https://github.com/ORCID/ORCID-Source/blob/main/orcid-web/ORCID_AUTH_WITH_OPENID_CONNECT.md>
>
> *Endpoint*
> https://sandbox.orcid.org/oauth/token
>
> *Scope*
> openid
>
> *Response type*
> token
>
> https://sandbox.orcid.org/oauth/authorize?client_id=APP-UL39T4BGTQ3TNB4L&response_type=token&scope=openid&redirect_uri=REPLACE WITH REDIRECT URI
>
> In my CAS I put these properties:
>
> cas.authn.pac4j.oauth2[0].clientName=ORCID
> cas.authn.pac4j.oauth2[0].profileVerb=GET
> cas.authn.pac4j.oauth2[0].secret=secretID
> cas.authn.pac4j.oauth2[0].id=APP-UL39T4BGTQ3TNB4L
> cas.authn.pac4j.oauth2[0].auth-url=https://sandbox.orcid.org/oauth/authorize
> cas.authn.pac4j.oauth2[0].scope=/authenticate
> cas.authn.pac4j.oauth2[0].token-url=https://sandbox.orcid.org/oauth/token
> cas.authn.pac4j.oauth2[0].profile-url=https://api.sandbox.orcid.org/v3.0/{user}/record
>
> cas.authn.pac4j.oauth2[0].customParams.response_type=code
> cas.authn.pac4j.oauth2[0].customParams.client_id=code
> cas.authn.pac4j.oauth2[0].profileAttrs.phone=phone
> cas.authn.pac4j.oauth2[0].profileAttrs.id=APP-UL39T4BGTQ3TNB4L
> cas.authn.pac4j.oauth2[0].profileAttrs.homeAddress=address
>
> The problem comes from the property token-url. In order to retrieve the
> data of the user, I need to do an API request to the address
> https://api.sandbox.orcid.org/v3.0/{user}/record; the problem is that I
> do not know how to configure CAS to substitute {user} with the User ID that
> is trying to log in.
> For example, let's say that the user 0009-0005-6065-7965 tries to log in.
> Then to retrieve their data I would do a request to
> https://api.sandbox.orcid.org/v3.0/0009-0005-6065-7965/record .
>
> I am also not really sure if I really need to use the user record
> endpoint, since the token request also returns information about the user,
> but I also do not know how to capture and manipulate that information.
>
> In practice, my CAS works alongside my application, offering the ORCID ID
> as one of the login methods. The redirection to the ORCID service, the
> login and the redirection back to CAS work well; the problem comes from
> capturing data when the ORCID login goes back to CAS.
>
> So I would like to know:
> - Do I really need to set and use the profile-url? If so, how can I make
>   CAS understand that it needs to substitute {user} with the ORCID ID of
>   the user that is trying to log in?
> - Do I really need to capture certain values from the request to perform
>   the authentication? How can I retrieve custom values from the request
>   answer?
>
> Thank you so much for your help!
