Update to redirect URI requirements (DEADLINE 26 September)

Skip to first unread message

Tom Demeranville

Aug 4, 2022, 4:04:59 AM8/4/22
to ORCID API Users
Get ready for more robust OAuth security

ORCID’s community expects and deserves the highest caliber of security we can offer, so we will begin implementing heightened security protocols for our OAuth integration clients, starting with our 26 September release. This will require an update from some users of both our public or member APIs to ensure we are able to keep our software up to date with the latest security patches. 

If you have an integration that uses our public or member API, we will require exact domains to be registered for the OAuth redirect URIs and will no longer make exceptions for non-matching subdomains.

Will my integration be affected? 

The ORCID Engagement team will be reaching out to ORCID member organizations, as well as a few select public API clients. If you have an integration with our Public API and are not an ORCID member, this guide [https://info.orcid.org/faq/how-do-redirect-uris-work/] will help you figure out if you are affected.

If you are affected, you will need to sign in and update your redirect URI configuration. Rest assured this can be a quick and simple process, and the guide linked above will outline, step-by-step, how to do this.


Reply all
Reply to author
0 new messages