ORCID Authentication

From Dryad wiki
Jump to: navigation, search

See also description on the DSpace wiki.

Users can authenticate to Dryad using an ORCID account.

Workflow

Some technical notes on the workflow for this system:

  • If the ORCID user has not made their email public or limited access, it will not be available in the released user data from ORCID.
  • When returning from ORCID, Dryad looks up the EPerson based on the ORCID first. If there is no matching ORCID, Dryad links the ORCID to the existing logged-in account OR creates a new EPerson. Dryad does *not* add a new email address to the account, because there is a risk that emails coming from ORCID are not validated.
  • When it is the case that the ORCID is not already in DSpace and the ORCID user has not made their email available, then challenge the user with two options (change ORCID email to be visible, or create a link to an existing DSpace account)

Configuration

  • Configuration of the ORCID Authentication is performed using config/modules/authentication-oauth.cfg
  • The credentials must be inserted into the maven settings file.

Open questions

  1. How to set up test/dev VMs to login so developers can bypass the ORCID login process?