Closed tdudgeon closed 3 years ago
Hi tdudgeon,
Thank you for your very instructive guidelines here. I was able to get the Keycloak sign-in with ORCID working by following the above steps.
Can you provide some advice on how to get the actual ORCID ID via Keycloak?
Thanks in advance. Best
@batpurev I'm not sure what you are wanting here. Are you trying to get the ORCID ID from the tokens that keycloak issues?
@tdudgeon thanks for your reply. Yes, that is what I am trying. I added a mapper in my Keycloak as "User property" with the name "orcid" and tried to access it from my application, but it does not come through.
@tdudgeon I can access the email, given_name, first_name etc. without adding mappers. They are built-in, so they work fine, I guess.
OK, so I haven't tried that so I don't know for sure. But it seems like you are doing the right sort of thing.
I am wondering whether the actual name of the variable is orcid or orcidid or even orcid-identifier, as written on https://support.orcid.org/hc/en-us/articles/360006897674-Structure-of-the-ORCID-Identifier. I am so new to ORCID iD, so I am confused.
I really don't know. I suppose you need to look into the response that orcid gives you to see the property names.
I just came across this issue trying to set up ORCID as an identity provider with keycloak as well. From your screenshot it looks like you are adding the mapper on the client side, but there should also be a mapper added in the Identity Provider configuration. Have you managed to figure out what the claim is called in the response from orcid?
@rokroskar I did manage to integrate ORCID with Keycloak. Please visit https://stackoverflow.com/questions/68035755/how-to-get-orcid-id-via-keycloak-into-my-application for detailed steps to do it. Please don't forget to click like (on Stack Overflow) if it helps your case.
Ah 🤦 of course it's the sub claim 😆 Thanks for the pointer!
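Added example (not part of the thread or of the project's code): a Python check an application could run on already-verified token claims to pull out the ORCID iD and validate its ISO 7064 MOD 11-2 check character. ORCID puts the iD in `sub`, while Keycloak's own tokens carry Keycloak's user id in `sub`, so the iD has to arrive in a mapped claim. The claim name `orcid` follows the mapper name mentioned above; the claim sets and function names are constructed for illustration.

```python
import re

# ORCID iD: 16 characters in four hyphenated groups, last one may be "X".
ORCID_RE = re.compile(r"[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{3}[0-9X]")


def orcid_check_char(base15: str) -> str:
    """ISO 7064 MOD 11-2 check character over the first 15 digits."""
    total = 0
    for ch in base15:
        total = (total + int(ch)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)


def is_valid_orcid(value) -> bool:
    """True only for a well-formed iD whose check character matches."""
    if not isinstance(value, str) or not ORCID_RE.fullmatch(value):
        return False
    digits = value.replace("-", "")
    return orcid_check_char(digits[:15]) == digits[15]


def orcid_from_claims(claims: dict, claim: str = "sub"):
    """Return the ORCID iD held in `claim`, or None if absent or malformed.

    `claims` must come from a token whose signature, issuer and audience
    were already verified by a JWT library; this function only checks the
    shape of the identifier, not who issued it.
    """
    value = claims.get(claim)
    return value if is_valid_orcid(value) else None


# Constructed sample: claims as ORCID would present them to Keycloak.
ORCID_ID_TOKEN = {"iss": "https://orcid.org", "sub": "0000-0001-2345-6789"}

# Constructed sample: claims in a Keycloak-issued token after an identity
# provider mapper copies ORCID's `sub` into a user attribute named "orcid"
# (assumed name) and a client mapper exposes it as a claim.
KEYCLOAK_TOKEN = {
    "iss": "https://keycloak.example/realms/demo",
    "sub": "3f1c9a52-7d0e-4b7a-9c1e-2a6b8d4e5f00",  # Keycloak user id
    "orcid": "0000-0001-2345-6789",
}

if __name__ == "__main__":
    print(orcid_from_claims(ORCID_ID_TOKEN))           # iD taken from sub
    print(orcid_from_claims(KEYCLOAK_TOKEN))           # sub is not an iD here
    print(orcid_from_claims(KEYCLOAK_TOKEN, "orcid"))  # iD from mapped claim
```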
Set up Keycloak to use the ORCID production environment as an Identity Provider.
This is described here: https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/
The steps involved are:
The disadvantage of this approach is that the access is tied to an individual's ORCID account (in this case mine!). It is apparently possible to assign it to an organisation, but that organisation needs to be a paying member.