UPDATE: OAuth change planned for 15th November 2pm - All ORCID integrators need to read this!

[Tom Demeranville]

ORCID’s community expects and deserves the highest caliber of security we can offer, so we will begin implementing heightened security protocols for our OAuth integration clients, starting with our 15th November release. This will require an update from some users of both our public or member APIs to ensure we are able to keep our software up to date with the latest security patches. 

If you have an integration that uses our public or member API, we will require exact domains to be registered for the OAuth redirect URIs and will no longer make exceptions for non-matching subdomains.

Will my integration be affected? 

The ORCID Engagement team will be reaching out to ORCID member organizations, as well as a few select public API clients. If you have an integration with our Public API and are not an ORCID member, this guide [https://info.orcid.org/faq/how-do-redirect-uris-work/] will help you figure out if you are affected.

If you are affected, you will need to sign in and update your redirect URI configuration. Rest assured this can be a quick and simple process, and the guide linked above will outline, step-by-step, how to do this.

Tom