DataONEorg / d1_portal_servlet

The servlet component of the Coordinating Node portal app

switch to ORCID Member API #2

Closed mbjones closed 2 years ago

mbjones commented 2 years ago

Current authentication uses the ORCID Public API, and can only access user attributes that are made publicly visible by ORCID users. By switching to the member API, we can then modify our authentication workflow to request additional attributes from the user (such as name, email, institution, etc.) that are not part of their public ORCID profile. The user can then grant those requests as a condition of logging into the DataONE authentication portal.

UCSB is an ORCID member and so, after discussion, it seems we can access the member API that way. To get access to the member credentials needed, we will need to fill out the member client registration application, and submit it in conjunction with UCSB using the client registration form.

All of this can be tested ahead of time using the ORCID Sandbox without yet being a member -- see the sandbox client registration FAQ.

The information we will need to provide includes:

mbjones commented 2 years ago

I sent an email to ORCID asking if we can directly transfer our current public API client credentials to the member API, which might be easier than setting up an entire additional registration. I'll respond here if they reply.

mbjones commented 2 years ago

@taojing2002 @laurenwalker After some back and forth with the ORCID team, we are now approved to convert our account to the member API. They are looking for a date to do that, as we will need to update our client secret for all clients that use that account, and after they make the change, our app will stop working until we update the secret. When is a good time? In theory the member API should work just like the public API but provide more access. Maybe that needs to be verified before the changeover?

We can now move forward with the migration. Are you able to provide us with a date/time when you would like the migration to happen?

As part of this migration, we will update the client ID and send you a new client secret in an encrypted e-mail. Please note that once we update the client, your integration will not work until you update the client secret. This is why we need to fix a date and time for this to be done and to prevent inconveniences for users.

I will await your response and proceed accordingly.

taojing2002 commented 2 years ago

I think any time will be fine for me except my vacation.

To my understanding, we need to adjust the orcid.client.id and orcid.client.secret on the portal. Besides these, do we have any other places that need to be adjusted?

We have a test account and production account. I believe this only happens on the production account, right?

Thanks,

Jing

On 12/10/21 6:53 PM, Matt Jones wrote:

@taojing2002 @laurenwalker After some back and forth with the ORCID team, we are now approved to convert our account to the member API. They are looking for a date to do that, as we will need to update our client secret for all clients that use that account, and after they make the change, our app will stop working until we update the secret. When is a good time? In theory the member API should work just like the public API but provide more access. Maybe that needs to be verified before the changeover?

We can now move forward with the migration. Are you able to
provide us with a date/time when you would like the migration to
happen?

As part of this migration, we will update the client ID and send
you a new client secret in an encrypted e-mail. Please note that
once we update the client, your integration will not work until
you update the client secret. This is why we need to fix a date
and time for this to be done and to prevent inconveniences for users.

I will await your response and proceed accordingly.


mbjones commented 2 years ago

Hi @taojing2002, I verified with ORCID that, once the conversion is made, then the new Member API will work with our current client ID and our current application. The only thing we will need to update is the client secret. I will coordinate with you on Slack to find a time.

taojing2002 commented 2 years ago

The switch was done and Nick recorded the credentials in our password store.