Unable to register with ORCID due "ORCID CURL error: .... Unexpected ORCID API response: 302"

[marcbria]

Describe the bug On OJS 3.2-stable (dockerized), with the last version of the orcid plugin (1.1.2.30 / 2023-10-31), new users can not register (popup window emerges and disapears).

In server side, log show the following error error:

[Fri Nov 10 13:09:06.566045 2023] [php7:notice] [pid 13265] [client 172.19.0.21:37082] ORCID CURL error:  (/var/www/html/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php line 106, URL https://orcid.org/v3.0/0000-0001-8485-8941/person), referer: https://orcid.org/
[Fri Nov 10 13:09:06.566123 2023] [php7:notice] [pid 13265] [client 172.19.0.21:37082] Unexpected ORCID API response: 302 (/var/www/html/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php line 111, URL https://orcid.org/v3.0/0000-0001-8485-8941/person), referer: https://orcid.org/
[Fri Nov 10 13:09:06.748367 2023] [php7:notice] [pid 13265] [client 172.19.0.21:37082] ORCID CURL error:  (/var/www/html/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php line 125, URL https://orcid.org/v3.0/0000-0001-8485-8941/employments), referer: https://orcid.org/
[Fri Nov 10 13:09:06.748477 2023] [php7:notice] [pid 13265] [client 172.19.0.21:37082] Unexpected ORCID API response: 302 (/var/www/html/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php line 130, URL https://orcid.org/v3.0/0000-0001-8485-8941/employments), referer: https://orcid.org/

To Reproduce Steps to reproduce the behavior:

1. Go to register page (/user/register)
2. Click on 'Create or connect your ORCID ID' button.
3. See how a new popup window appears and immediatly, closes again...
4. See error in logs.

Additional context In the other hand, contributors are able to bound their orcid with OJS without any trouble.

[bozana]

It seems ORCID is introducing further redirects -- it seems a redirect occurs here as well, and in 3.2.1 we did not consider/allowed the redirection -- in 3.3. and 3.4. we now use Guzzle and we could set it to follow POST redirections, so this should not be a problem in 3.3 and 3.4. I will check if something similar can be done for 3.2.1 too...

[bozana]

Hmmm... strange... I have just installed 3.2.1 (from stable-3_2_1 branch) and I do not get that error i.e. I am normally redirected to that https://orcid.org/signin?client_id=...&response_type=code&scope=%2Fauthenticate&redirect_uri=http:%2F%2Fojs-3-2-1.bb%2Findex.php%2Fpublicknowledge%2Forcidapi%2ForcidAuthorize%3FtargetOp%3Dregister in the popup window and then after signing in to the user registration in OJS again, and my ORCID token is there/saved... :thinking:

[bozana]

Hmmm... I do not understand why I do not get the 302 -- I get 200 -- at that same part of the code. Although when I call that URL https://orcid.org/v3.0/.../person directly in the browser I see first 302 in browser's developer tools...

[bozana]

@marcbria, what PHP and PHP CURL version do you have and what browser did you use?

[marcbria]

About curl, I use the one included in the alpine docker image:

curl 7.67.0 (x86_64-alpine-linux-musl) libcurl/7.67.0 OpenSSL/1.1.1k zlib/1.2.11 nghttp2/1.40.0
Release-Date: 2019-11-06
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets

About the browser... it happens with Firefox and Chromium, but final users also reported the issue:

Chromium Versión 103.0.5060.13 (Build for developers) Built on Ubuntu 20.04, running on Ubuntu 22.04 (64 bits)

Firefox Version 119.0.1 (64-bit) Snap for Ubuntu

[bozana]

Actually I think your CURL behaves correctly, but I do not know why my does not behave in the same way :-( From curl_getinfo() at that pace in the code, I get:

Array
(
    [url] => https://orcid.org/v3.0/0000-0001-8915-5620/person
    [content_type] => application/json;charset=UTF-8
    [http_code] => 200
    [header_size] => 452
    [request_size] => 141
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.369336
    [namelookup_time] => 0.000973
    [connect_time] => 0.01689
    [pretransfer_time] => 0.04583
    [size_upload] => 123
    [size_download] => 232
    [speed_download] => 628
    [speed_upload] => 333
    [download_content_length] => -1
    [upload_content_length] => 123
    [starttransfer_time] => 0.045833
    [redirect_time] => 0
    [redirect_url] => 
    [primary_ip] => 2606:4700:10::6814:e546
    [certinfo] => Array
        (
        )

    [primary_port] => 443
    [local_ip] => 2003:fc:d707:2f95:e89b:e63a:6b24:6862
    [local_port] => 44394
    [http_version] => 3
    [protocol] => 2
    [ssl_verifyresult] => 0
    [scheme] => HTTPS
    [appconnect_time_us] => 45711
    [connect_time_us] => 16890
    [namelookup_time_us] => 973
    [pretransfer_time_us] => 45830
    [redirect_time_us] => 0
    [starttransfer_time_us] => 45833
    [total_time_us] => 369336
)

I think I need @asmecher 's help :-)

[marcbria]

From inside the container when asking curl_getinfo() for the same url you asked I get a 302:

Array
(
    [url] => https://orcid.org/v3.0/0000-0001-8915-5620/person
    [content_type] => 
    [http_code] => 302
    [header_size] => 531
    [request_size] => 77
    [filetime] => -1
    [ssl_verify_result] => 0
    [redirect_count] => 0
    [total_time] => 0.301137
    [namelookup_time] => 0.016119
    [connect_time] => 0.038585
    [pretransfer_time] => 0.085971
    [size_upload] => 0
    [size_download] => 0
    [speed_download] => 0
    [speed_upload] => 0
    [download_content_length] => 0
    [upload_content_length] => -1
    [starttransfer_time] => 0.301103
    [redirect_time] => 0
    [redirect_url] => https://orcid.org/signin
    [primary_ip] => 104.20.228.70
    [certinfo] => Array
        (
        )

    [primary_port] => 443
    [local_ip] => 10.10.69.2
    [local_port] => 59960
    [http_version] => 3
    [protocol] => 2
    [ssl_verifyresult] => 0
    [scheme] => HTTPS
    [appconnect_time_us] => 85803
    [connect_time_us] => 38585
    [namelookup_time_us] => 16119
    [pretransfer_time_us] => 85971
    [redirect_time_us] => 0
    [starttransfer_time_us] => 301103
    [total_time_us] => 301137
)

I also tired:

• From the host (outside the container) with a dockerized php 7.3.
• Form the host with a dockerized php 8.1.
• From my home server with a dockerized php 7.3

I got a 302 in all cases, so I though it could be related with running inside a container (docker proxy, etc) but then I ran curl directly from my server and home's shell and I also got a 302 all the time:

$ curl -I https://orcid.org/v3.0/0000-0001-8915-5620/person
HTTP/2 302 
date: Wed, 15 Nov 2023 17:48:30 GMT
location: https://orcid.org/signin
cf-ray: 82695352ab0369e8-MAD
cf-cache-status: DYNAMIC
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: 0
set-cookie: X-Mapping-fjhppofk=0DF22E209E1692975F899146EA7AFF00; path=/
pragma: no-cache
set-cookie: XSRF-TOKEN=0347a8e5-661b-4c59-8aa2-c38a5b93df34; Path=/; secure;orcid-web
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare

Finally I tried to visit the url from my browsers, and the result was the same.

Thanks for your time and your help Bozana,

m.

---

Details of the test...

I used the following script (just in case I made something wrong): ```php $url = 'https://orcid.org/v3.0/0000-0001-8915-5620/person'; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($ch); if (curl_errno($ch)) { echo 'Error en la solicitud cURL: ' . curl_error($ch); exit; } $info = curl_getinfo($ch); curl_close($ch); print_r($info); ``` And the docker call was: ```$ docker run --rm -v $(pwd):/usr/src/app -w /usr/src/app php:7.3-cli php getCurl.php```

[bozana]

Hey @marcbria, Could you try to add this line: CURLOPT_FOLLOWLOCATION => true, before this line in the code: https://github.com/pkp/orcidProfile/blob/stable-3_2_1/pages/OrcidHandler.inc.php#L100

And check if the registration works?

[bozana]

Now I am a little bit worried if I can test correctly the other versions, 3.3 and 3.4 -- because even for 3.2.1 it works for me... :-\

[marcbria]

CURLOPT_FOLLOWLOCATION => true, before this line in the code pages/OrcidHandler.inc.php#L100 And check if the registration works?

You are a wizard! Now works better, but still not perfect.

The popup window raises and I can fill it, but then ORCID data (name, surname...) is not transfered back to the OJS login form.

Now I am a little bit worried if I can test correctly the other versions, 3.3 and 3.4 -- because even for 3.2.1 it works for me... :-\

If you are not in a Mac, you can test it over docker if you like. ;-)

Works fine with linux and windows. I still need to fix the way we build the images to be compatible with Mac.

[bozana]

Hi @marcbria, Yes, that is the same for me -- the Given and Family Name are not transferred back to OJS registration page -- but I think this is because the following is returned from ORCID: {"access_token":"...","token_type":"bearer","refresh_token":"...","expires_in":631138518,"scope":"/authenticate","name":"Božana Bokan","orcid":"0000-0001-8915-5620"} that means no differentiation between the names. Maybe @withanage would know why/how/... ?

[withanage]

@marcbria do you mean the general registration form ?

If I understand correctly, your are referring to the login form.

http://localhost/ojs/index.php/xyz/user/register?source=

I tested the OJS 3.2.1 branch on php 7.4, and name, surname and orcid are passed.

The registered credentials are not passed, but that is a limitation, which is why I removed registration completely in 3.3+.

Since there was no proper way to move received orcid values properly, previous developers had added the following javascript function to move the values.

https://github.com/pkp/orcidProfile/blob/stable-3_2_1/pages/OrcidHandler.inc.php#L136

Therefore , if you are going to still use this function , I would check that if the javascript is called correctly.

[marcbria]

If I understand correctly, your are referring to the login form. http://localhost/ojs/index.php/xyz/user/register?source=

Yes, it is. Bozana fixed the initial issue with this but there is still a problem with the user-data passed to the registration form (not the credentials, that I know about the limitation).

Here you have an example: https://papers.uab.cat/user/register

As you will notice, there is no track of the javascript added to move the values. Funny part is I checked it in the plugin's code (1.1.2.30 from 2023-10-31) and the script is there.

BTW, I added the CURLOPT_FOLLOWLOCATION variable in L100, but I think it need to be added in every curl_setopt_array, isn't it?

[bozana]

Hi @withanage, when I tested it, I only get this from ORCID: {"access_token":"...","token_type":"bearer","refresh_token":"...","expires_in":631138518,"scope":"/authenticate","name":"Božana Bokan","orcid":"0000-0001-8915-5620"} That means there is no @$profileJson['name']['given-names']['value'] (from that JS part) there... Does it work for you? Is there something we can do, for ORCID values to be overtaken into the registration form fields?

[bozana]

Hi @marcbria, yes, I will soon change the code to insert CURLOPT_FOLLOWLOCATION everywhere...

[bozana]

And finally, @withanage, we did not know you turned the registration button off for reason, so @ewhanson introduced it again here: https://github.com/pkp/orcidProfile/issues/294. The button was also there in 3.4, it seems...

[marcbria]

And finally, @withanage, we did not know you turned the registration button off for reason, so @ewhanson introduced it again here: #294. The button was also there in 3.4, it seems...

Take a look to #266 for a detailed explanation.

[withanage]

@bozana and @marcbria

And finally, @withanage, we did not know you turned the registration button off for reason, so @ewhanson introduced it again here: #294. The button was also there in 3.4, it seems...

yes, the important reason was that the orcid authentication tokens, were not communicated.

orcid-register.webm

Somehow it works for me, which is strange for me too looking at the API response.

[bozana]

@ewhanson tested it yesterday, and found out that the person's data are available and overtaken into our registration form when the member API is selected in the plugin...

[marcbria]

I confirm our service is poor and we can't pay ORCID 5K every year... :-(
Nice catch @ewhanson. :+1:

[RDMerlo]

OrcidHandler.inc.php: I added "CURLOPT_FOLLOWLOCATION => true" to "CURLOPT_POST => true" in all the code places. AND IT WORKED!

I hope this completely solved the issue. I am using a Public API. OJS 3.2.0.3. ORCID 1.1.2.3, PHP 7.3.33.

@bozana, thank you very much. If this works, then I'll drink to your health, dude! 🥂