orcid authentication problem

[mauric...@gmail.com]

hello

me again, testing a better authentication with Orcid :-)

and see below it fails... not recognizing my own orcid password

I have an orcid Id https://orcid.org/0000-0003-0537-256X

and I went through the "developper-tool" to get an  orcid Application Id for Erddap

Client ID

APP-JEELF97KYPJ5MR0F

Client secret

157a4ed0-9bba-4053-af4c-f9d9d7287b92

** so i put these identifiers in setup.xml

<orcidClientID>APP-JEELF97KYPJ5MR0F</orcidClientID>
<orcidClientSecret>157a4ed0-9bba-4053-af4c-f9d9d7287b92</orcidClientSecret>

** put these user in datasets.xml

(I put both my orcid Id and my email adresse registered in orcid)

<user username="0000-0003-0537-256X" roles="Rohtmnet" />
<user username="maurice.libes_at_osupytheas.fr" roles="Rohtmnet" />

until there that works...

when I log in via erddap I get the orcid  authenication page

so Erddap is well redirected towards orcid

 Authenticate with your ORCID iD.

but when I give my own orcid Id 0000-0003-0537-256X and my orcid password

it fails

ERROR: Login failed: Invalid code from ORCID: unexpected ORCID iD=0000-0003-0537-256X

what can be wrong ?

many thanks

Maurice

[Bob Simons]

First, the client secret should be kept secret. So please generate a new client secret, use the new one and don't share it with anyone.

Second, for now, comment out <user username="maurice.libes_ ...

If you eventually go with the orcid option, remove it.

Third, my guess as to the problem is that you didn't set

    <authentication>orcid</authentication> 

(or "oauth2") in setup.xml. 

I am guessing that because you didn't mention doing it in your email and you said you gave ERDDAP your Orcid password but ERDDAP should send you to an Orcid  web page (you didn't mention that) where you enter your ID and password. 

Log in at https://coastwatch.pfeg.noaa.gov/erddap/login.html with the Orcid option to see what it should look like.

I hope that helps.

[Bob Simons]

Oops. I see that you did say you got redirected to the orcid web page. 

If you have any comments to my comments (notably, can you log in to my ERDDAP via Orcid?), let me know. 

In any case, I'll keep thinking about what might have gone wrong.

[mauric...@gmail.com]

yes  i omitted to mention that I had put the authencation "orcid" in the setup.xml
  <authentication>orcid</authentication>

the redirection toward the orcid login succeed
the problem is after

I also tried the orcid  login on your erddap server https://coastwatch.pfeg.noaa.gov/erddap/login.html

and  it is the same than on my own server :

i) a first phase where the orcid login seems to succeed  and that say I was signed in
ii) and a second phase  where I clicked on a button on the login page

and then I got the error message below... and then I can't ever sign in

"ERROR: Login failed: Invalid code from ORCID: unexpected ORCID iD=0000-0003-0537-256X"'

I really dont understand

maybe a problem with my orcid account?

thanks for help to understand

Maurice

[Bob Simons]

Thanks for that information.

I see what the problem is: ERDDAP expects the ORCID ID to have the form dddd-dddd-dddd-dddd where d is 0-9. 

But now (maybe even long ago), X as the last character is also valid. 

See https://support.orcid.org/hc/en-us/articles/360006897674-Structure-of-the-ORCID-Identifier

This change will be in the next release of ERDDAP, hopefully soon.

Sorry about that.

Thanks for reporting this problem.

So If you need a solution for your project right now, you can use the Google or custom authentication options.

[mauric...@gmail.com]

great... I can wait the next version to solve this problem

meanwhile I will use the custom method just for 1 or 2 datasets

thanks Bob , bye

Maurice