Login with ORCID

ORCID provides a persistent identifiers for researchers and through integration in key research workflows such as manuscript and grant submission, supports automated linkages between you and your professional activities ensuring that your work is recognized.

This guide will show you how to enable your users to login with their ORCID account in Invenio. The underlying authentication protocol is based on OAuth which is the same used for enabling other social logins (like login with Twitter, Google, etc).

ORCID API credentials

In order to integrate your Invenio instance with ORCID the first step is to apply for a client id/secret to access the ORCID Sandbox.

Please, follow the official ORCID documentation for this part.

After successful application for an API client application key you should receive in your inbox an email with your Client ID and Client secret. You will need this information when configuring Invenio in the next step.

Redirect URI

After a user have authenticated on the ORCID site, the user will be redirected to a given page on the Invenio side. ORCID requires you to provide a list of authorized URI prefixes that could be allowed for this redirection to happen.

Depending on the SERVER_NAME used to configure the Invenio installation, you should fill this parameter with:

https://<SERVER_NAME>/oauth/authorized/orcid/

Configuring Invenio

In order to enable OAuth authentication for ORCID, just add these line to your var/instance/invenio.cfg file.

from invenio_oauthclient.contrib import orcid

OAUTHCLIENT_REMOTE_APPS = dict(
        orcid=orcid.REMOTE_SANDBOX_APP,
)

ORCID_APP_CREDENTIALS = dict(
        consumer_key="<your-orcid-client-id>",
        consumer_secret="<your-orcid-client-secret>",
)

where the client id and client secret are those provided by ORCID in the previous step.

If you can now visit::

https://<SERVER_NAME>/login

you will be able to see ORCID authentication enabled:

_images/orcid-login.png

Sign-up on first login

The first time a user try to login with ORCID, they will be required to provide a username and email address. This is because ORCID does provide this information and it is required by Invenio in order to register an account.