> Does anybody here have experience implementing ORCID authentication, and if > so, then what are some of the gotchas I ought be aware of? > > I am thinking about creating a public service. While people will be able to > use much of the service sans authentication, the system's complete > set of > features will only be accessible after authentication. I don't need nor want > to store usernames or passwords. Yuck and scary. Moreover, > people don't > need YAUAPC (Yet Another Username And Password Combination). I think ORCID > may be a good way for me to enable people to > authenticate. Provide people > with a link, they authenticate via ORCID, I get a unique identifier for the > person, and I know they are not some > sort of robot. Moreover, based on the > content of the resulting ORCID ID, I might be able to provide enhanced > services of some kind.
We implemented a webservice to authenticate against with multiple identity providers (ORCID, GitHub, Wikimedia, StackExchange, LDAP...): https://github.com/gbv/login-server#providers You can try out the service integrated an a web application at https://coli-conc.gbv.de/cocoda/app/ or independently at https://coli-conc.gbv.de/login/ and of course it's all open source. Cheers, Jakob
