pkp / orcidProfile

A plugin to pull ORCID information into a PKP user profile
GNU General Public License v3.0

orcidToken of authors may be visible to Journal managers. #271

Open withanage opened 1 year ago

withanage commented 1 year ago

Describe the bug

A journal manager can see the access tokens for already authenticated ORCID authors in the developer window of a browser.

To Reproduce

Steps to reproduce the behavior:

  1. Authenticate a co-author using ORCID authentication
  2. Open the developer view of your browser.
  3. Publish the article
  4. In the publish API, you will see the orcidTokens

Expected behavior

  1. OrcidTokens should not be visible via the API
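
A regression check for the expected behavior above, added here as an example (it is not part of the issue or of the plugin's code): it lists every token-bearing property in a captured API response and shows a filter that drops them while keeping the public ORCID iD. The property names `orcidAccessToken` and `orcidRefreshToken`, the key pattern, and the sample payload are assumptions constructed for illustration.

```javascript
// Assumption: token-bearing properties are named like "orcid...Token".
// The page only mentions "orcidToken(s)"; adjust the pattern to the real schema.
const SENSITIVE_KEY = /^orcid.*token$/i;

// Walk any JSON value and return the path of every non-empty property
// whose name matches the sensitive-key pattern.
function findTokenFields(value, path = '$', hits = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findTokenFields(item, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      const childPath = `${path}.${key}`;
      if (SENSITIVE_KEY.test(key) && child !== null && child !== '') {
        hits.push(childPath);
      } else {
        findTokenFields(child, childPath, hits);
      }
    }
  }
  return hits;
}

// Return a deep copy with every sensitive property removed. Filtering of
// this kind belongs on the server, before the response is serialized.
function stripTokenFields(value) {
  if (Array.isArray(value)) return value.map(stripTokenFields);
  if (value !== null && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value)
        .filter(([key]) => !SENSITIVE_KEY.test(key))
        .map(([key, child]) => [key, stripTokenFields(child)])
    );
  }
  return value;
}

// Constructed sample shaped like a publication response with two authors.
const sampleResponse = {
  id: 12,
  authors: [
    { id: 1, orcid: 'https://orcid.org/0000-0000-0000-0000',
      orcidAccessToken: 'CONSTRUCTED-TOKEN-1',
      orcidRefreshToken: 'CONSTRUCTED-TOKEN-2' },
    { id: 2, orcid: null, orcidAccessToken: null },
  ],
};

console.log(findTokenFields(sampleResponse));
console.log(findTokenFields(stripTokenFields(sampleResponse)));
```

Running `findTokenFields` over the JSON body of each API response in an integration test fails the build as soon as a token property reappears.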