Orcid login by OAuth Api stopped working

167 views
Skip to first unread message

Adam Laska

unread,
Apr 6, 2023, 6:39:18 AM4/6/23
to ORCID API Users

We have integrated ORCID login on our page (mostwiedzy.pl) and all was working fine until this Monday, when it stopped.

It turns out that after redirecting to ORCID yours API calls our page with authorization code twice.

Screenshot-20230404154534-565x79.png

So this code is validated twice and of course it generates error due to token being already used (after successfully accept token in first request):

Authentication request failed. {"exception":"[object] (Symfony\\Component\\Security\\Core\\Exception\\AuthenticationException(code: 0): OAuth error: \"Reused authorization code: kQu_K4\"

Debugging your page i also notice this:

Screenshot-orcid-double-login.png

Your javascript code fire (and console.out) code verification page twice.

How can i prevent this situation and can you check if this is not your bug?

How can i fix this problem?

Adam Laska

unread,
Apr 6, 2023, 6:40:16 AM4/6/23
to ORCID API Users
After extended debugging we found out that blocking Google Tag Manager in uBlock eliminates problem

Angel Montenegro

unread,
Apr 6, 2023, 8:34:33 AM4/6/23
to ORCID API Users
Hi Adam, Im Angel, tech manager at ORCID.

Thanks for reporting this problem, could you please give us more details about it? Recently we noticed that UBlock and GA caused issues in some browsers, however, we already implement a fix for that (More details here https://trello.com/c/RA9Itvcc/8539-investigate-ga-analytics-errors-blocking-user-stories).

What browser are you using? What OS? Is this in sandbox.orcid.org or in orcid.org?

Thanks for your help.

Adam Laska

unread,
Apr 6, 2023, 8:44:30 AM4/6/23
to ORCID API Users
Problem exists in Chrome and  Firefox both on Linux and Windows.
Ex. it exists in Chrome Version 111.0.5563.146 (Official Build) (64-bit) on Linux where i don't have any plugins.
Blocking GA with uBlock we tested on Firefox 111 on Windows

We tested on orcid.org only becouse some of our clients reported it.  I have this problem all time and coudn't turn off GA with Ghostery (no mater if Ghostery was enabled, off, blocked or not blocked, always code athorization is called twice)

Angel Montenegro

unread,
Apr 8, 2023, 2:57:29 PM4/8/23
to ORCID API Users
Hi Adam, 

Just to let you know that we have found a solution for the problem and we are planning to fix the problem in orcid.org early next week.

Thanks

Angel Montenegro

unread,
Apr 11, 2023, 12:32:06 PM4/11/23
to ORCID API Users
Hi Adam, 

Thanks again for reporting this, we just released the fix and I can't reproduce the issue anymore, could you please verify and confirm?

Thanks

Adam Laska

unread,
Apr 12, 2023, 2:41:53 AM4/12/23
to ORCID API Users
I confirm that login works fine now. Thanks
Reply all
Reply to author
Forward
0 new messages