Currently ORCID end-users must grant an API either all/none access to their data based on pre-existing security/privacy settings. Please allow the Oauth2 "scope" parameter to "request" access to specific data elements which the ORCID/end-user could then say yes/no to on a per-request (authorization) basis. This is successfully done in the Facebook Oauth2 implementation: https://developers.facebook.com/docs/reference/dialogs/oauth/ scope: A comma separated list of permission names which you would like people to grant your app. Only the permissions people have not already granted your app will be shown
Please sign in to leave a comment.