xchem / xchem_it

Issues for XChem IT work

Set up ORCID auth #18

Closed tdudgeon closed 3 years ago

tdudgeon commented 3 years ago

Set up Keycloak to use the ORCID production environment as an Identity Provider.

This is described here: https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/

The steps involved are:

  1. Register for an ORCID account
  2. Go to the developer tools section
  3. Click “Register for the free ORCID public API”
  4. Specify the details and you will get a client ID and client secret
  5. Add a new Identity Provider to keycloak
  6. Import the "well-known" configuration from https://orcid.org/.well-known/openid-configuration
  7. Specify the client ID and client secret
  8. Specify "Client secret sent as post" as the Client authentication type
  9. Save
  10. Test

The disadvantage of this approach is that the access is tied to an individual's ORCID account (in this case mine!). It is apparently possible to assign it to an organisation, but that organisation needs to be a paying member.

batpurev commented 3 years ago

hi tdudgeon,

thank you for your very instructive guidelines here. I was able to get the Keycloak sign-in with ORCID working following the above steps.

Can you provide some advice on how to get the actual ORCID ID via Keycloak?

thanks in advance, Best

tdudgeon commented 3 years ago

@batpurev I'm not sure what you are wanting here. Are you trying to get the ORCID ID from the tokens that keycloak issues?

batpurev commented 3 years ago

@tdudgeon thanks for your reply. Yes, that is what I am trying. I added a mapper in my Keycloak as "User property" with name "orcid" and tried to access it from my application, but it does not come through.

batpurev commented 3 years ago

[screenshot attached]

batpurev commented 3 years ago

@tdudgeon I can access the email, given_name, first_name etc. without adding mappers. They are built-in, so it works fine, I guess. [screenshot attached]

tdudgeon commented 3 years ago

OK, so I haven't tried that so I don't know for sure. But it seems like you are doing the right sort of thing.

batpurev commented 3 years ago

I am wondering whether the actual name of the variable is orcid, orcidid or even orcid-identifier, as written on https://support.orcid.org/hc/en-us/articles/360006897674-Structure-of-the-ORCID-Identifier. I am so new to ORCID iD that I am confused.

tdudgeon commented 3 years ago

I really don't know. I suppose you need to look into the response that orcid gives you to see the property names.

rokroskar commented 2 years ago

I just came across this issue trying to set up ORCID as an identity provider with keycloak as well. From your screenshot it looks like you are adding the mapper on the client side, but there should also be a mapper added in the Identity Provider configuration. Have you managed to figure out what the claim is called in the response from orcid?

batpurev commented 2 years ago

@rokroskar I did manage to integrate ORCID with Keycloak. Please visit https://stackoverflow.com/questions/68035755/how-to-get-orcid-id-via-keycloak-into-my-application for detailed steps to do it. Please don't forget to click like (on stackoverflow) if it helps your case.

rokroskar commented 2 years ago

Ah 🤦 of course it's the sub claim 😆 Thanks for the pointer!
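As an added example (not code from this thread or from the XChem project), the following shows what the application on the receiving end should do with the ORCID `sub` claim once Keycloak has passed it through: verify the token it arrived in, pin the expected `alg`, `iss` and `aud`, and validate that the value really is an ORCID iD by checking the `xxxx-xxxx-xxxx-xxxX` format and the ISO 7064 MOD 11-2 check character described in the identifier-structure article linked above. The token here is constructed and HS256-signed so the script runs offline; the real ID token is RS256-signed with keys from the `jwks_uri` in the well-known document, and the issuer value `https://orcid.org` and client ID `APP-DEMO` are assumptions.

```python
import base64, hashlib, hmac, json, re, time

ORCID_RE = re.compile(r"^\d{4}-\d{4}-\d{4}-\d{3}[\dX]$")

def orcid_checksum(base_digits: str) -> str:
    """ISO 7064 MOD 11-2 check character over the first 15 digits of an ORCID iD."""
    total = 0
    for d in base_digits:
        total = (total + int(d)) * 2
    result = (12 - total % 11) % 11
    return "X" if result == 10 else str(result)

def is_valid_orcid(orcid: str) -> bool:
    """True only if the format and the check character are both correct."""
    if not ORCID_RE.match(orcid):
        return False
    digits = orcid.replace("-", "")
    return orcid_checksum(digits[:15]) == digits[15]

def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def orcid_from_id_token(token: str, key: bytes, issuer: str, audience: str, now=None) -> str:
    """Verify a (demo, HS256) ID token and return its `sub` claim as an ORCID iD.
    In production the token is RS256-signed; pin the alg and fetch the key from
    the issuer's jwks_uri, but keep the iss/aud/exp/sub checks exactly as here."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("iss/aud mismatch")
    if claims.get("exp", 0) <= (now or time.time()):
        raise ValueError("token expired")
    sub = claims.get("sub", "")
    if not is_valid_orcid(sub):  # the ORCID iD is the IdP's `sub`, not Keycloak's
        raise ValueError("sub is not a well-formed ORCID iD")
    return sub

def make_demo_token(key: bytes, claims: dict) -> str:
    """Constructed HS256 token for the offline demo (not an ORCID-issued token)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"
```

Note that Keycloak's own tokens carry Keycloak's user id in `sub`; the ORCID value only reaches the application if an Identity Provider mapper imports the ORCID `sub` into a user attribute and a client protocol mapper then exposes that attribute.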