OAuth2 scope to allow ORCID/end-user to grant field level access to an API

Answered

Comments

  • Joel Plotkin
    Hi, the use case is that after authentication, we would like to get: first name, last name, and e-mail. As e-mail is almost always a limited or private field, this is not returned via the API. Google and Facebook allow the "scope" parameter to be used such that the requesting application can specify to the end-user that it would like specific permission/access to the fields (specified in the scope). Then, when displaying the grant/deny message to the end-user, Google/Facebook also tells the end-user the fields that the application is requesting. We need the e-mail address associated with the ORCID such that the submission application can contact the end-user in their author or reviewer roles. Now, as it stands, we get back first name + last name and right away, we ask the end-user for their e-mail address (thus they need to type it twice): once on the ORCID registration screen and once when ORCID redirects the end-user back to our system.
  • ORCID (APAC)

    Just to give an update on this:

    We are still looking into allowing a user to grant access to only a select number of requested scopes on the OAuth form.

    Current status:

    API clients which are requesting access can request scopes piecemeal, e.g. only granting access to obtain an ORCID iD and read public data, only granting access to read trusted party-level data, only granting access to add information to the activities section, or only granting access to add information to the biographical section.

    Clients can also request access to all areas of the ORCID record at once, and then use refresh tokens (https://members.orcid.org/api/oauth/refresh-tokens) to limit granted permissions. For example, if a user grants permission to read trusted party data and update the activities, then the API client can choose to limit those permissions to only read trusted party data.

    As always, let us know your feedback here or at support@orcid.org

    Warm regards,
    ORCID Community Team
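
The scope narrowing described in the reply above, as an added example that is not part of the original thread or ORCID's own code. The scope names and the `revoke_old` parameter are assumptions taken to match ORCID's API; the token, client ID and secret are constructed placeholders. It builds the form body only and sends nothing.

```python
from urllib.parse import urlencode

# Assumed ORCID scope names (they are not on the original page), matched to
# the four access areas listed in the reply above.
KNOWN_SCOPES = {
    "/authenticate",       # obtain an ORCID iD and read public data
    "/read-limited",       # read trusted party-level data
    "/activities/update",  # add information to the activities section
    "/person/update",      # add information to the biographical section
}


def narrowed_refresh_form(granted, wanted, refresh_token, client_id, client_secret):
    """Build the form body of a refresh-token request that keeps only `wanted`.

    `granted` and `wanted` are space-separated scope strings. A refresh can
    only reduce what the user granted (RFC 6749, section 6), so anything
    else is rejected here, before a request is ever sent.
    """
    granted_set, wanted_set = set(granted.split()), set(wanted.split())
    if not wanted_set:
        raise ValueError("no scope requested")
    unknown = (granted_set | wanted_set) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scope(s): {sorted(unknown)}")
    extra = wanted_set - granted_set
    if extra:
        raise ValueError(f"not granted by the user: {sorted(extra)}")
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": " ".join(sorted(wanted_set)),
        # Assumed ORCID parameter: retire the broader token afterwards.
        "revoke_old": "true",
    })


# Constructed values: the user granted two scopes, the client keeps one.
form = narrowed_refresh_form(
    granted="/read-limited /activities/update",
    wanted="/read-limited",
    refresh_token="EXAMPLE-REFRESH-TOKEN",
    client_id="APP-EXAMPLE",
    client_secret="EXAMPLE-SECRET",
)
print(form)
```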
