Getting the authorisation code programatically

[Mateusz Susik]

Hi!

I'm the author of the python-orcid library. In the past I used a request such as below to get the authorisation code:

curl -X POST -H 'Accept: */*' -H 'Accept-Encoding: gzip, deflate' -H 'Connection: keep-alive' -H 'Content-Length: 138' -H 'Content-Type: application/json;charset=UTF-8' -H 'Host: <HOST>' -H 'Origin: <ORIGIN> -H 'User-Agent: python-requests/2.25.1' -d '{"userName": "<USERNAME>", "password": "<PASSWORD>", "approved": true, "persistentTokenEnabled": true, "redirectUrl": null}' https://sandbox.orcid.org/oauth/custom/login.json

The request unfortunately outputs a 400 without specyfying the reason for it. Could you tell me why the request is bad?

Few years ago I had a similar problem, and I remember that I required a CSRF token to avoid the 400 code. To do that I had been sending a GET request to: https://sandbox.orcid.org/oauth/authorize . Unfortunately the response does not contain the token anymore.

What would be the right way to get the authorisation code these days without a web-browser interaction?

Thanks,
Mateusz

[Fran Alsina]

Hi Mateusz,

Thank you for your message.

Please, find here the step-by-step instructions on how to do the 3-legged OAuth process, including how to exchange the authorization code for an access token: 

https://orcid.github.io/orcid-api-tutorial/

https://info.orcid.org/ufaqs/how-does-3-legged-oauth-work/

Bear in mind that our latest API version is version 3.0. Please, work with the latest supported version. Find here all the information about our API: 

https://github.com/ORCID/orcid-model/blob/master/src/main/resources/record_3.0/README.md

I hope that this helps.

Best regards,