COmanage Registry includes an Organizational Source plugin for ORCID. Since Registry version 4.4.0, this plugin may be used with either the member or public ORCID API, enabling COmanage Registry enrollment flows to request user access permissions to interact with their ORCID Record via the ORCID API.
This recipe describes how to integrate COmanage Registry with ORCID to collect ORCID iDs and API tokens for reading and writing to ORCID Records.
Recipe Ingredients
- This recipe requires COmanage Registry version 4.4.0 or later.
- Assumes the presence of an ORCID API client (member or public).
- Install Plugins
  - Install the ORCID Source Org Identity Source Plugin
- Configure Source and Server
  - Establish an ORCID API Client
  - Configure an ORCID OAuth 2.0 Server
  - Configure the ORCID Source
- Enable user feature
  - Enable users to connect their ORCID iD (and provide read/write permissions) via an enrollment flow
- Obtain ORCID Tokens via Registry API
  - Get stored ORCID Access and Refresh Tokens via the Registry API
- REF: Use the ORCID access tokens
Recipe Steps
1. Install Plugins
COmanage Registry supports several types of plugins in order to easily customize and extend Registry functionality. Plugins may be one of three types, each of which has a different process for being installed and enabled: Supported Core Plugins, Supported Non-core Plugins, and External Plugins.
2. Configure Org Identity Source and Server
All plugins have basic settings related to their Class. In addition, some plugins have plugin-specific settings to configure the specifics of the plugin.
Some connections also require configuring a Server to connect to an external system.
3. Enable user feature
By adding an ORCID Source, you have enabled the possibility of linking ORCID iDs (and access permissions) for any CO Person record. You may enable users to link their ORCID iD to their CO Person record in Registry via an enrollment flow.
4. Obtain stored tokens using the Registry API
(v4.4.0 and later) COmanage Registry stores collected ORCID access tokens that are obtained during the OAuth 2.0 flow. These tokens can be retrieved via the Registry REST API.
5. Use the ORCID access tokens (REFERENCE ONLY)
FOR REFERENCE ONLY
The instructions in this section are NOT intended to provide instruction or guidance on the use of the ORCID API.
At all times, you should consult your security guidelines and seek the advice of experts when using the ORCID API and information obtained through its use, particularly when using the ORCID Production environment. The resources in this section are designed ONLY to provide links to what might be helpful references.
Recipe Variations and Complements
Managing Access Tokens
Use ORCID Refresh Tokens
Because the Access Token stored in the COmanage database is not updated when you use the Refresh Token, the stored access token may be unreliable. You may address this by using the refresh token to obtain a fresh access token each time you want to make an API call to read or write information in an ORCID Record.
About Revoked Access Tokens
ORCID users may revoke access tokens (and related permissions) at any time through the ORCID platform. This action will affect your ability to use an Access Token stored in the COmanage database. (Using a revoked access token will generate an error. See the ORCID API Errors resource for more information.) Note that the token information stored in the COmanage database will not be updated if a user revokes permissions.
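The two caveats above (the stored access token goes stale once the refresh token is used, and a revocation is never reflected in the COmanage database) point to a client that exchanges the refresh token before every call and treats a rejected refresh as lost consent. This is an added example, not COmanage or ORCID code: `FreshTokenSource`, `ConsentRevoked` and `http_post_form` are hypothetical names, the request is the standard OAuth 2.0 refresh grant from RFC 6749, and `token_url` is the ORCID token endpoint for your environment, supplied by the caller.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


class ConsentRevoked(Exception):
    """The refresh token was rejected; the tokens held in Registry are no longer usable."""


def http_post_form(url, fields):
    """POST form fields; return (status, body) instead of raising on 4xx/5xx."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


class FreshTokenSource:
    """Hypothetical helper: holds the refresh token read from Registry, ignores the stored access token."""
    def __init__(self, token_url, client_id, client_secret, refresh_token, post=http_post_form):
        self.token_url, self.client_id = token_url, client_id
        self.client_secret, self.refresh_token = client_secret, refresh_token
        self.post = post  # injectable transport so the logic can be tested offline

    def fresh_access_token(self):
        status, body = self.post(self.token_url, {
            "grant_type": "refresh_token",  # RFC 6749 section 6 (assumed request shape)
            "refresh_token": self.refresh_token,
            "client_id": self.client_id,
            "client_secret": self.client_secret,
        })
        try:
            reply = json.loads(body)
        except ValueError:
            reply = None
        if not isinstance(reply, dict):
            raise RuntimeError(f"token endpoint returned non-JSON (HTTP {status})")
        # RFC 6749 section 5.2: invalid_grant covers a revoked or expired refresh token.
        if reply.get("error") == "invalid_grant":
            raise ConsentRevoked("refresh token rejected; the user must grant access again")
        if status != 200 or "access_token" not in reply:
            raise RuntimeError(f"token refresh failed: HTTP {status} {reply.get('error')}")
        # The server may rotate the refresh token; the copy in Registry will not change.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)
        return reply["access_token"]
```

Error messages carry only the HTTP status and OAuth error code, so token values never reach logs. On `ConsentRevoked`, stop retrying and flag the record for follow-up.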
Known Limitations
An enrollment flow for linking an ORCID iD and permissions will work only once per user to collect ORCID API tokens and permissions. Although the ORCID API allows requesting multiple access tokens for a user (which can contain different permissions), the COmanage Registry ORCID plugin will only allow the first request to go through.
Similarly, COmanage Registry will not know if a user revokes a token. Because the previous token remains stored in the COmanage Registry database, the enrollment flow cannot currently be used to re-establish permissions that the user has revoked.