Getting our users email

Saravanan Kuppusamy

unread,

Apr 5, 2019, 10:47:09 AM4/5/19

to ORCID API Users

Hi, In our App, I use ORCID login Oath, using the information at https://orcid.org/developer-tools, I can get the OAUTH CODE using Authorize request. And then I curl the details to get the ORCID along with access_token. Now, I use the access token to get the email of the user using curl as follows, but the response has no email. Please advise how to fix.

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer af744627-92fa-4f3b-ae6c-99fb9eb19603' 'https://api.orcid.org/v2.0/0000-0002-1244-7382/email'

Thanks in advance.

r.bla...@orcid.org

unread,

Apr 5, 2019, 12:14:37 PM4/5/19

to ORCID API Users

Hi,

Are you sure that this is the correct token for this ORCID? Could you post the error you are getting so we can check?

Please use Sandbox.orcid.org for testing where you can and try not share tokens in the clear

Thanks

Rob

Saravanan Kuppusamy

unread,

Apr 5, 2019, 12:41:47 PM4/5/19

to ORCID API Users

Dear Rob, Thanks for your question. Here isarethe details. I have used {{}} to hide the credentials.

FIRST CALL VIA BROWSER:

https://orcid.org/oauth/authorize?client_id={{myid}}&response_type=code&scope=/authenticate&redirect_uri=https://www.novareader.co/orcidredirect.html

CURL CALL USING THE KEY RECEIVED AFTER USER AUTHENTICATION

curl -i -L -k -H 'Accept: application/json' --data 'client_id=APP-ZOB9758WX4LUY58S&client_secret=6e90fe13-2a2f-46b1-b53c-d3b86ddf4365&grant_type=authorization_code&redirect_uri=https://www.novareader.co/orcidredirect.html&code={{receivedcode}}' https://orcid.org/oauth/token

RESPONSE TO THE ABOVE CALL

{"access_token":"{{access_token}}","token_type":"bearer","refresh_token":"{{removed from here to share}}","expires_in":631138518,"scope":"/authenticate","name":"Saravanan Kuppusamy","orcid":"{{customerorcid}}"}

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer {{access_token}}' 'https://api.orcid.org/v2.0/{{customerorcid}}/email'

RESPONSE TO THE ABOVE CALL

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<response-code>401</response-code>

<developer-message>401 Unauthorized: The client application is not authorized for this ORCID record. Full validation error: The client application is forbidden to perform the action.</developer-message>

<user-message>The client application is not authorized.</user-message>

<error-code>9017</error-code>

<more-info>https://members.orcid.org/api/resources/troubleshooting</more-info>

</error>

BY REMOVING API FROM API.ORCID.ORG

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer {{access_token}}' 'https://orcid.org/v2.0/{{customerorcid}}/email'

RESPONSE TO THE ABOVE CALL

HTTP/2 302

date: Fri, 05 Apr 2019 16:37:39 GMT

content-length: 0

set-cookie: __cfduid=da9fc5e94c3a40c5c0b061fea733babf41554482258; expires=Sat, 04-Apr-20 16:37:38 GMT; path=/; domain=.orcid.org; HttpOnly

cache-control: no-cache, no-store, max-age=0, must-revalidate

location: https://orcid.org/signin

expires: 0

pragma: no-cache

x-xss-protection: 1; mode=block

x-content-type-options: nosniff

set-cookie: X-Mapping-fjhppofk=44B27ECF9D6192E10AC06F4274772E24; path=/

set-cookie: XSRF-TOKEN=feb87335-82ef-4cdd-b558-38ba904561e4; Path=/

set-cookie: JSESSIONID=603347570908C156A18DACD3CE72D465; Path=/; Secure; HttpOnly

x-frame-options: SAMEORIGIN

expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

server: cloudflare

cf-ray: 4c2cf2a139e1c926-HYD

r.bla...@orcid.org

unread,

Apr 5, 2019, 1:28:37 PM4/5/19

to ORCID API Users

Hi Saravanan,

Thanks very much for the extra information. You are getting that error because you need additional scopes in your initial call. For reading Person items you need the /read-limited scope as well as the authenticate scope.

Like so https://orcid.org/oauth/authorize?client_id={{myid}}&response_type=code&scope=/authenticate%20/read-limited%20&redirect_uri=https://www.novareader.co/orcidredirect.html

Please check out our docs on reading person information here https://github.com/ORCID/ORCID-Source/blob/master/orcid-api-web/tutorial/personal_info.md

Hope that helps,

Rob

r.bla...@orcid.org

unread,

Apr 5, 2019, 2:13:43 PM4/5/19

to ORCID API Users

Hi there,

Seems I made some mistakes in my response to you, my apologies. As you are using a public client /read-limited won't work. Instead try following this guideto get a two step read public token which will give you the correct permissions:

https://github.com/ORCID/ORCID-Source/blob/0b9b11ffde6cfd1645b77dd803f20ee36f1b7a8b/orcid-api-web/tutorial/read_public.md

Rob

Wilmers, Catalina

unread,

Apr 5, 2019, 2:15:04 PM4/5/19

to Blackburn, Rob, ORCID API Users

Hi Saravanan,

I wanted to follow up as I don't think think this is a scope issue. The /authenticate scope allows you to read public information on an ORCID record. The problem is that you're using a access token issued to a public client on the member API, only member clients work on the member API. If you change the url to pub.orcid.org instead of api.orcid.org your call will work as expected. For example:

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer af744627-92fa-4f3b-ae6c-99fb9eb19603' 'https://pub.orcid.org/v2.0/0000-0002-1244-7382/email'

Best,

-Catalina

--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orcid-api-use...@googlegroups.com.
To post to this group, send email to orcid-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/orcid-api-users.
For more options, visit https://groups.google.com/d/optout.

Saravanan Kuppusamy

unread,

Apr 5, 2019, 11:50:41 PM4/5/19

to ORCID API Users

Hi Rob,

Thanks. According to the documentation /read-limited is included in the /authenticate. So it is not required to add that. Anyway, even if I add /read-limited in the scope then the browser returns as invalid scope.

Saravanan Kuppusamy

unread,

Apr 5, 2019, 11:53:42 PM4/5/19

to ORCID API Users

Dear Catalina,

Brilliant!! Thank you. It works as per your guidance.

On Friday, April 5, 2019 at 11:45:04 PM UTC+5:30, Catalina Oyler wrote:

Hi Saravanan,

I wanted to follow up as I don't think think this is a scope issue. The /authenticate scope allows you to read public information on an ORCID record. The problem is that you're using a access token issued to a public client on the member API, only member clients work on the member API. If you change the url to pub.orcid.org instead of api.orcid.org your call will work as expected. For example:

curl -i -H "Accept: application/vnd.orcid+xml" -H 'Authorization: Bearer af744627-92fa-4f3b-ae6c-99fb9eb19603' 'https://pub.orcid.org/v2.0/0000-0002-1244-7382/email'

Best,
-Catalina

On Fri, Apr 5, 2019 at 11:13 AM r.blackburn via ORCID API Users <orcid-a...@googlegroups.com> wrote:

Hi there,

Seems I made some mistakes in my response to you, my apologies. As you are using a public client /read-limited won't work. Instead try following this guideto get a two step read public token which will give you the correct permissions:

https://github.com/ORCID/ORCID-Source/blob/0b9b11ffde6cfd1645b77dd803f20ee36f1b7a8b/orcid-api-web/tutorial/read_public.md

Rob

--
You received this message because you are subscribed to the Google Groups "ORCID API Users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to orcid-a...@googlegroups.com.

Reply all

Reply to author

Forward