OpenID connect and implicit OAuth beta programme
136 views
Skip to first unread message
Demeranville, Tom
Sep 28, 2017, 8:55:08 AM9/28/17
to ORCID API Users
All,
ORCID is adding support for OpenID connect and the implicit OAuth flow
to the registry and would like to work with beta testers who are
interesting in using either or both of these technologies. We have
several example implementations that demonstrate OpenID in action and
would like feedback on our implementation and proof that it is
suitable for our production service. If you are interested in
participating in the beta programme, please get in touch.
What is OpenID connect?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0
protocol. It supplements existing OAuth authentication flows and
provides information about users to clients in a well described
manner.
Why OpenID connect?
OpenID connect is a standardised way of implementing OAuth and sharing
information about authenticated users. It will now be possible to
configure services to use ORCID “out of the box” alongside other
standards compliant OpenID connect providers. OpenID connect also
provides sharable ID tokens, which are signed objects that can prove a
user authenticated using ORCID at a specific time. These tokens can
be used by user interface elements to maintain user sessions.
What is the implicit OAuth flow?
The implicit flow is designed so that clients do not need to use their
secret key to initiate ORCID sign in, which means that browser-only
clients can collect authenticated ORCID IDs. This flow is limited to
authentication only and cannot be used to request update privileges or
the limited/private section of ORCID records.
Why implicit OAuth?
Implicit OAuth lowers the barrier to entry when integrating
applications with ORCID. The implicit flow is simple to develop and
can be deployed without complex server side infrastructure. Our
example implementation is a mere 44 lines of html and javascript.
Cheers,
Tom Demeranville
ORCID is adding support for OpenID connect and the implicit OAuth flow
to the registry and would like to work with beta testers who are
interesting in using either or both of these technologies. We have
several example implementations that demonstrate OpenID in action and
would like feedback on our implementation and proof that it is
suitable for our production service. If you are interested in
participating in the beta programme, please get in touch.
What is OpenID connect?
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0
protocol. It supplements existing OAuth authentication flows and
provides information about users to clients in a well described
manner.
Why OpenID connect?
OpenID connect is a standardised way of implementing OAuth and sharing
information about authenticated users. It will now be possible to
configure services to use ORCID “out of the box” alongside other
standards compliant OpenID connect providers. OpenID connect also
provides sharable ID tokens, which are signed objects that can prove a
user authenticated using ORCID at a specific time. These tokens can
be used by user interface elements to maintain user sessions.
What is the implicit OAuth flow?
The implicit flow is designed so that clients do not need to use their
secret key to initiate ORCID sign in, which means that browser-only
clients can collect authenticated ORCID IDs. This flow is limited to
authentication only and cannot be used to request update privileges or
the limited/private section of ORCID records.
Why implicit OAuth?
Implicit OAuth lowers the barrier to entry when integrating
applications with ORCID. The implicit flow is simple to develop and
can be deployed without complex server side infrastructure. Our
example implementation is a mere 44 lines of html and javascript.
Cheers,
Tom Demeranville
Reply all
Reply to author
Forward
0 new messages