ORCID Sandbox Installation

[Piyapong Charoenwattana]

I have installed the Dataverse v4.8.6 on my test server. I have also registered ORCID sandbox account. I have updated the client id and client secret in orcid-sandbox.json. Then, configured the Dataverse using command curl -X POST -H 'Content-type: application/json' --upload-file orcid-sandbox.json http://localhost:8080/api/admin/authenticationProviders. 

I have have tried to logged in using ORCID Sandbox authentication and I have got an error message.

Authentication Error - Dataverse could not authenticate your ORCID login. Please make sure you authorize your ORCID account to connect with Dataverse. For more details about the information being requested, see the User Guide.

Remote system did not return an authorization code.

If you believe this is an error, please contact UAL Dataverse for assistance.

I have looked in the server.log file. Here is an error message.

[2018-06-07T10:43:33.986-0600] [glassfish 4.1] [INFO] [] [edu.harvard.iq.dataverse.authorization.providers.oauth2.OAuth2LoginBackingBean] [tid: _ThreadID=27 _ThreadName=http-listener-1(1)] [timeMillis: 1528389813986] [levelValue: 800] [[

  OAuth2Exception getting code parameter. HTTP return code: -1. Message: Remote system did not return an authorization code. Message body: ]]

Could you please let me know how I can fix this?

Thanks,

[Pete Meyer]

Hi Piyapong,

The message body being empty in that exception trace suggests to me that either the client ID / client secret you've entered may be incorrect, or that the ORCID API sandbox may be down.

Best,
Pete

[Piyapong Charoenwattana]

Thanks, Pete. I will check them.

[Piyapong Charoenwattana]

The client id and client secret are correct. It is still not working. My test server is behind a firewall. Is that a problem? I have installed Github and Google authentications. They are working properly.

[Pete Meyer]

Having the test server behind a firewall shouldn't be a problem (as far as I know); especially if the other OAuth methods are working. 

In the past I've run into issues with sandbox vs production ORCID configuration; but I double-checked the orcid-sandbox.json in 4.8.6 to confirm that it looks correct.  As of a few minutes ago, I was able to log into one of our test systems that's using the ORCID sandbox - so it appears that the sandbox is also working.  It may be worth double-checking the callback url you've configured on the ORCID side, and possibly the fqdn - but again, other OAuth methods working suggest to me that these aren't the problem

Have you been able to confirm that your sandbox credentials are working with any other systems?

Best,
Pete

[Piyapong Charoenwattana]

In the orcid-sandbox.json, do I need to replace {ORCID} with my orcid id?

[Pete Meyer]

On Thursday, June 7, 2018 at 4:49:01 PM UTC-4, Piyapong Charoenwattana wrote:

In the orcid-sandbox.json, do I need to replace {ORCID} with my orcid id?

No.
 

[Piyapong Charoenwattana]

I have got the redirect url, http://unixdev8.library.ualberta.ca:8080/oauth2/callback.xhtml?error=invalid_scope&error_description=Invalid%20scope:%20/read-limited&state=orcid-sandbox~4CRIrcDh_wJ2RafXzZ0QxG7gHmmb_qvi6lCsa6lnAjUOO1BhIfTL4LfS7BwwZi3tgAeg971TuNbshkW_t.LDfQ--&scope=/authenticate%20openid%20/read-public. 

[Pete Meyer]

Both of the scopes look like they're what they're supposed to be (although I may be getting out of my depth OAuth2-wise here), but that error clearly indicates they're invalid.  I'm wondering if it's possible that there's some lag in the sandbox (propagating your client id / client secret) - was this a recent ORCID sandbox registration?

[Philip Durbin]

Piyapong, I'm not sure how helpful this suggestion is but you *could* enable Google or GitHub authentication just as a sanity check that you're able to use any of the supported OAuth providers. You probably know this but the docs are here: http://guides.dataverse.org/en/4.8.6/installation/oauth2.html#obtain-client-id-and-client-secret

The last time I tried this it was easiest and most straightforward to set up auth with GitHub. Google wasn't too bad but the UI was more complicated. With ORCID you have to email their support.

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-community+unsub...@googlegroups.com.
To post to this group, send email to dataverse-community@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/8bfa19d0-97be-4c67-8801-2aeba1116b18%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin

[Piyapong Charoenwattana]

Yes, it is a recent sandbox registration. I registered it couple days ago.

[Piyapong Charoenwattana]

Thank you both. I will contact the ORCID support.

To post to this group, send email to dataverse...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/8bfa19d0-97be-4c67-8801-2aeba1116b18%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Piyapong Charoenwattana]

It turned out that I need to get the sandbox member API client id to make a request with read-limited permissions. I have got the client id and secret. It is working now.

[Pete Meyer]

Glad to hear that it's working for you now.