DataONEorg / d1_portal

The Coordinating Node portal app
Apache License 2.0

Require email address from user when logging in via ORCID #3

Open artntek opened 1 year ago

artntek commented 1 year ago

By switching to the ORCID member API, we can make attribute requests during the authentication process by asking for information only accessible to trusted organizations.

This allows us to ask for a user's email address, even if it has been set to trusted (whereas now we only see the user's public address). This will allow us to ensure that we have a valid email address for all logins.

If a user has set their email to 'only me' in their ORCID profile, then we should deny the login and indicate that they need to make their email available to trusted orgs for login to work.

See: https://support.orcid.org/hc/en-us/articles/360006897614

Also see semi-related Issue: #2
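A sketch of the login rule described in this issue, added here as an example and not code from d1_portal. The JSON layout (an "email" list with "email", "visibility" and "primary" fields), the visibility value names, and the function name `login_decision` are assumptions; the sample records are constructed.

```python
import json

# Constructed sample bodies shaped like an ORCID email record (assumed layout).
TRUSTED_ONLY = json.dumps({"email": [
    {"email": "pat@example.org", "visibility": "limited", "primary": True},
]})
PUBLIC_AND_TRUSTED = json.dumps({"email": [
    {"email": "old@example.org", "visibility": "public", "primary": False},
    {"email": "pat@example.org", "visibility": "limited", "primary": True},
]})
# An address set to 'only me' is not released to the client, so the list is empty.
ONLY_ME = json.dumps({"email": []})

DENY_MESSAGE = ("Login requires an email address. In your ORCID profile, make your "
                "email visible to trusted organizations and try again.")

# Visibility levels a trusted client may act on (assumed value names).
ACCEPTED = {"public", "limited"}


def login_decision(email_record_json):
    """Return (allowed, email_or_message) for one ORCID email record."""
    try:
        entries = json.loads(email_record_json).get("email") or []
    except (ValueError, TypeError, AttributeError):
        return False, DENY_MESSAGE  # unparseable record: fail closed
    if not isinstance(entries, list):
        entries = []
    usable = [
        e for e in entries
        if isinstance(e, dict)
        and str(e.get("visibility", "")).lower() in ACCEPTED
        and "@" in str(e.get("email") or "")
    ]
    if not usable:
        # Nothing visible to us: deny and tell the user what to change.
        return False, DENY_MESSAGE
    # Prefer the address the user marked as primary; otherwise take the first.
    usable.sort(key=lambda e: not e.get("primary", False))
    return True, usable[0]["email"]
```

The deny path is taken both when the record is empty and when it cannot be parsed, so a failed attribute request never results in a login without an email address.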

artntek commented 1 year ago

This Issue has been transferred over from the original Redmine Task #8746 created on 2018-11-16

mbjones commented 11 months ago

See also duplicate ticket https://github.com/DataONEorg/d1_portal_servlet/issues/3