Access Token Format
86 views
Skip to first unread message
Chris Chapman
Nov 5, 2018, 8:45:42 PM11/5/18
to ORCID API Users
At the moment our repository for storing ORCID information can only store strings in all uppercase (don't ask).
I'm trying to find out if the access token will always be lowercase alpha-numeric (so that we can safely convert), or if there is a chance that it could contain mixed case characters?
Is there a standard or some documentation that I could refer to; my search-fu was weak.
regards,
Chris
Peters, Robert
Nov 6, 2018, 3:34:17 AM11/6/18
to Chris Chapman, orcid-a...@googlegroups.com
Hi Chris,
You can review the OAuth2 spec: https://tools.ietf.org/html/rfc6749#section-1.4
We are not likely to officially commit to anything stricter than the spec.
Cheers,
Rob
Robert Peters
Timezone: PST
Key for OpenPGP email communication:
https://keys.mailvelope.com/pks/lookup?op=get&search=0x1519F37D99E18378
Key for OpenPGP email communication:
https://keys.mailvelope.com/pks/lookup?op=get&search=0x1519F37D99E18378
--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To post to this group, send email to orcid-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/orcid-api-users.
For more options, visit https://groups.google.com/d/optout.
Demeranville, Tom
Nov 6, 2018, 6:01:16 AM11/6/18
to Robert Peters, lazie...@gmail.com, orcid-a...@googlegroups.com
Further to this, our access tokens are type 4 randomly generated GUIDs. These are essentially hex encoded numbers with hyphens for readability. In theory they are case insensitive, but this differs between platforms and cannot be relied upon.
When retrieving from our database, we match these in a case sensitive way, i.e. require them to be submitted to us in the same case we issued them. We issue them using the standard Java UUID generator, which uses lower case letters.
When retrieving from our database, we match these in a case sensitive way, i.e. require them to be submitted to us in the same case we issued them. We issue them using the standard Java UUID generator, which uses lower case letters.
Dustin Windibank
Nov 6, 2018, 9:41:58 AM11/6/18
to t.demer...@orcid.org, r.pe...@orcid.org, lazie...@gmail.com, orcid-a...@googlegroups.com
Chris,
One option would be to Base16 encode the token. That would waste space in your database, but would insulate you from any changes to how the token is generated.
Example: ae1155fb-0926-40b8-a472-1b448241f53a
Ecoded: 61653131353566622D303932362D343062382D613437322D3162343438323431663533610A
 |
Dustin Windibank Manager, Software Services |
519-569-7600 x5062
31 Caroline St. N., Waterloo, ON N2L 2Y5
Peters, Robert
Nov 6, 2018, 9:59:58 AM11/6/18
to dwind...@perimeterinstitute.ca, Demeranville, Tom, Chris Chapman, orcid-a...@googlegroups.com
That is a brilliant and simple idea! Thanks Dustin.
Robert Peters
Timezone: PST
Key for OpenPGP email communication:
https://keys.mailvelope.com/pks/lookup?op=get&search=0x1519F37D99E18378
Key for OpenPGP email communication:
https://keys.mailvelope.com/pks/lookup?op=get&search=0x1519F37D99E18378
Chris Chapman
Nov 6, 2018, 1:43:33 PM11/6/18
to Peters, Robert, dwind...@perimeterinstitute.ca, Demeranville, Tom, orcid-a...@googlegroups.com
Fantastic! Thank you.
Reply all
Reply to author
Forward
0 new messages