Provide clearer feedback on authorization requests

Completed

Comments

1 comment

  • Official comment
    Alainna Wrigley

    Thanks for your message.

    The permissions requested by ScholarOne are determined by ScholarOne itself. ORCID provides a description of each permission requested clearly on the OAuth sign in/registration/authorisation form. The layout is standard for each OAuth form.

    A general description of the layout :
    ----

    [NAME OF ORGANISATION] {? icon: click to get more info about the org]
    has asked for the following access to your ORCID Record:

    [List of requested permissions -- see all possible ones here: https://members.orcid.org/api/orcid-scopes ] [Mouseover textbox for each permission to provide further detail]

    This application will not be able to see your ORCID password, or other private info in your ORCID Record. [Privacy Policy link]

    Example image: https://members.orcid.org/sites/default/files/oauth-form.png
    ----
    Each permission itself has further information, for example:

    /activities/update:
    Create or update your activities (mouseover: Will allow this organisation or application to add or update activities in your ORCID record)

    /read-limited
    Read limited information from your record (mouseover: Will allow this organisation or application to read limited access information in your ORCID record)

    /orcid-bio/update (/person/update):
    Update your biographical information (mouseover: Will allow this organisation or application to add or update biographical information in your ORCID record)

    --

    As above, who is requesting what and what they will do is clearly noted. Let us know at https://orcid.org/help/contact-us if you have any further questions.

    Warm regards,
    ORCID Community Team

    Comment actions Permalink

Please sign in to leave a comment.