The ORCID Organizational Identity Source Plugin is designed to integrate with the ORCID API in order to create Organizational Identities and to securely link an ORCID iD to an existing CO Person Record. In Registry v4.4.0 and later, this plugin supports the use of the ORCID Member API for collecting ORCID access and refresh tokens in addition to ORCID iDs. While it is possible to manually enter ORCID iD into an Identifier record, use of the plugin is recommended in order to avoid transcription errors, to create an audit trail, and to allow future syncing of other ORCID Record attributes into COmanage Registry.
The ORCID API appears to have rate limits that are documented in this Google Group message.
Modes
| Org Identity Source Mode | Support |
|---|---|
| Manual Search and Linking | Supported, but not recommended |
| Enrollment, Authenticated | Supported, via OAuth |
| Enrollment, Claim | Not supported |
| Enrollment, Search | Not supported |
| Enrollment, Select | Supported, but not recommended |
| Org Identity Sync Mode | Support |
|---|---|
| Full | Not supported |
| Manual | Not supported |
| Query | Supported |
| Update | Supported |
Prior to v4.4.0, ORCID Source Plugin supports only the public API, and only the production tier. Neither the member API nor the sandbox were supported.
In Registry v4.4.0 and later, ORCID Source Plugin supports both the public and member ORCID API, and allows for connection to both the ORCID production and Sandbox tiers.
Configuration - ORCID Member API (Registry v4.4.0 and later)
Introduced in Registry v4.4.0, COmanage Registry supports using ORCID Member credentials which use the Authorization Code Grant Type for obtaining per-user-interaction access tokens.
In order to use the ORCID Source Plugin with ORCID Member API credentials, you must be an ORCID Member (for production use), or you must request Sandbox Member API credentials for testing on ORCID's Sandbox Server.
- Add a new Server, via Servers > Add a New Server
- Set the Server Type to OAuth2.
- After the configuration has been saved, a Redirect URI will be available via the server configuration page. Keep this handy for the next step.
- Register a Member API Client using the instructions in the ORCID Documentation. Alternatively, you may add the redirect URI for Registry to an existing Client.
- Add the redirect URI as provided by the COmanage plugin configuration, above. Save this information for your ORCID Client
- Return to the COmanage OAuth2 Server configuration page.
- Server URL: Use either https://orcid.org/oauth (PRODUCTION) – OR – https://sandbox.orcid.org/oauth (SANDBOX TESTING)
- Proxy: Proxy configuration in the form of [host:port], if needed
- Client ID: The Client ID provided by ORCID
- Client Secret: The Client Secret provided by ORCID
- Access Token Grant Type: Authorization Code
Scope: include your desired 3-legged OAuth scopes that represent the permissions you want to obtain from users. Separate each scope with a space, for example,
/activities/update /read-limited openid
- Click Save.
- To test your configuration, click the 'Obtain New Token' button, and authenticate at ORCID if necessary.
- Add a new Organizational Identity Source, via Configuration >> Organizational Identity Sources >> Add Organizational Identity Source.
- Set the plugin type to OrcidSource.
- After clicking Save, you will be taken to the configuration page.
- An Additional ORCID Redirect URI will be presented. Return to the ORCID developer tools and add this second Redirect URI.
Both Redirect URIs are required for the ORCID Source Plugin to fully function.
- Set the Server in the ORCID Source Configuration to the one created in step 1 above.
- Review the requested OAuth 2.0 scopes for this Source. They may be inherited from that defined for the server, or may be defined to be unique to this Source configuration.
- Click the Save button to save your configuration.
- An Additional ORCID Redirect URI will be presented. Return to the ORCID developer tools and add this second Redirect URI.
Configuration - ORCID Public API (Registry v3.2.0 and later)
Although the ORCID Public API supports the Implicit Grant flow, COmanage Registry uses the more secure Client Credentials OAuth Grant type model that allows the ORCID Client to obtain an access token outside of the context of a user interaction.
In order to use the ORCID Source Plugin with ORCID's Public API, you must first have an ORCID iD. For non-members, it will be necessary to use credentials established from a personal ORCID iD, ORCID does not currently support "institutional" or "service" accounts except for paid members.
The ORCID Source Plugin uses two different OAuth flows, making configuration slightly more complicated.
- If you have not already done so, register for an ORCID iD.
- Add a new Server, via Servers > Add a New Server
- Set the Server Type to OAuth2.
- After the configuration has been saved, a Redirect URI will be available via the server configuration page. Keep this handy for the next step.
- Register your application (be sure to enable developer tools if not already done). Note that ORCID appears to only allow one registration per personal ORCID account, though multiple redirect URIs can be specified. Add the redirect URI as provided by the COmanage plugin configuration, above.
- Return to the COmanage OAuth2 Server configuration page.
- Server URL: https://orcid.org/oauth (Introduced in v4.4.0, you may use the ORCID sandbox server at https://sandbox.orcid.org/oauth)
- Proxy (introduced in v4.4.0): Proxy configuration in the form of [host:port], if needed
- Client ID: The Client ID provided by ORCID
- Client Secret: The Client Secret provided by ORCID
- Access Token Grant Type: Client Credentials
- Scope: /read-public
- Click Save.
- Click Obtain New Token, and authenticate if necessary.
- Add a new Organizational Identity Source, via Configuration >> Organizational Identity Sources >> Add Organizational Identity Source.
- Set the plugin type to OrcidSource.
- After clicking Save, you will be taken to the configuration page.
- An Additional ORCID Redirect URI will be presented. Return to the ORCID developer tools and add this second Redirect URI.
- Both Redirect URIs are required for the ORCID Source Plugin to fully function.
- Set the Server to the one created in step 2, and click Save.
- An Additional ORCID Redirect URI will be presented. Return to the ORCID developer tools and add this second Redirect URI.
Configuration (Registry v3.1.0 and earlier)
In order to use the ORCID Source Plugin, you must first have an ORCID iD. For non-members, it will be necessary to use credentials established from a personal ORCID iD, ORCID does not currently support "institutional" or "service" accounts except for paid members.
- If you have not already done so, register for an ORCID iD.
- Add a new Organizational Identity Source, via Configuration >> Organizational Identity Sources >> Add Organizational Identity Source.
- Set the plugin type to OrcidSource.
- After clicking Save, you will be taken to the configuration page, which will include the ORCID Redirect URI you will need in a moment.
- Open a new tab or window (you will come back to the configuration page shortly) and login to your ORCID account.
- If you haven't already, enable developer tools.
- Register your application. Note that ORCID appears to only allow one registration per personal ORCID account, though multiple redirect URIs can be specified. Add the redirect URI as provided by the COmanage plugin configuration, above.
- Copy the Client ID and Client Secret provided by ORCID into the Registry plugin configuration, and click Save. Registry will attempt to verify the credentials before completing the save.