Open gmeben opened 6 months ago
From MSU's ORCID representative:
If you are wanting to get/read a user’s email address and their email address is set to private in their ORCID record, which is the default, you won’t be able to retrieve it even if your client app is authorized as a trusted org by the user. You can only get the user’s email address if it is set to public or “trusted parties” visibility. In this case, ORCID recommends not forcing the user to change their privacy setting but rather asking the user to type in their email address. You can read more about this question here: https://groups.google.com/g/orcid-api-users/c/OWCeZFUQrjg
Describe the bug
ORCID does not allow OAuth permission requests to read an ORCID user's email. By default, email visibility settings are set to private on ORCID accounts. This means, more often than not, emails from ORCID accounts will be unable to be matched with emails in Pilcrow accounts. When attempting to authenticate on Pilcrow with an ORCID account, the interaction will be treated like a registration instead of an authentication. When the user attempts to add their email, Pilcrow will report that the email address is already taken.
To Reproduce
Expected behavior
Emails from ORCID accounts should be able to be matched for ORCID OAuth.
Fallback: When a user's email address is not provided from ORCID, prompt the user with an explanation of what's happening, steps to take on ORCID, and require an acknowledgement before proceeding to the "Continue Registration" form.
Additional context
Relevant GitHub issue: https://github.com/ORCID/ORCID-Source/issues/5504
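An added sketch, not Pilcrow's code, of the callback decision the fallback in this issue implies: when ORCID returns no email, show the explanation and ask for one instead of falling straight into registration, and treat a typed address that matches an existing account as unverified until the user proves control of it. The `User` record, the stored `orcid` field, the action names and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Action(Enum):
    LOGIN = "login"                            # ORCID iD already linked to an account
    LOGIN_AND_LINK = "login_and_link"          # ORCID returned an email matching an account
    EXPLAIN_AND_PROMPT = "explain_and_prompt"  # ORCID returned no email: the fallback above
    VERIFY_THEN_LINK = "verify_then_link"      # typed email matches an account: prove ownership
    REGISTER = "register"                      # no matching account

@dataclass
class User:  # hypothetical local account record
    email: str
    orcid: Optional[str] = None

def _find_by_email(users, email):
    wanted = email.strip().lower()
    return next((u for u in users if u.email.strip().lower() == wanted), None)

def resolve_callback(users, orcid_id, email=None):
    """Decide what to do after ORCID redirects back; email is None when it is private."""
    linked = next((u for u in users if u.orcid and u.orcid == orcid_id), None)
    if linked:
        return Action.LOGIN, linked
    if not email:
        return Action.EXPLAIN_AND_PROMPT, None
    # Assumption: the caller only passes an address that ORCID itself returned.
    match = _find_by_email(users, email)
    return (Action.LOGIN_AND_LINK, match) if match else (Action.REGISTER, None)

def resolve_typed_email(users, typed_email):
    """Handle the address the user types after the explanation screen."""
    match = _find_by_email(users, typed_email)
    # A typed address is unverified, so an existing account is linked only after
    # the user proves control of it (confirmation mail or a normal login).
    return (Action.VERIFY_THEN_LINK, match) if match else (Action.REGISTER, None)

# Constructed sample accounts; the ORCID iDs are placeholders.
USERS = [User("ada@example.edu"), User("lin@example.edu", orcid="0000-0000-0000-0002")]
```
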