Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private Emails from ORCID Obstruct OAuth #2115

Open
gmeben opened this issue May 10, 2024 · 1 comment
Open

Private Emails from ORCID Obstruct OAuth #2115

gmeben opened this issue May 10, 2024 · 1 comment
Labels
🪲 bug Something isn't working 💍 feature New feature or request

Comments

@gmeben
Copy link
Contributor

gmeben commented May 10, 2024
edited
Loading

Describe the bug

ORCID does not allow OAuth permission requests to read an ORCID user's email. By default, email visibility settings are set to private on ORCID accounts. This means, more often than not, emails from ORCID accounts will be unable to be matched with emails in Pilcrow accounts. When attempting to authenticate on Pilcrow with an ORCID account, the interaction will be treated like a registration instead of an authentication. When the user attempts to add their email, Pilcrow will report that the email address is already taken.

To Reproduce

  1. Register an ORCID account
  2. Register a Pilcrow account without OAuth using the same email address as the ORCID account
  3. Log out of Pilcrow
  4. Visit the login page on Pilcrow
  5. Click the button labeled "Log in with ORCID"
  6. Fill out the form using the same email address as the ORCID account
  7. Note that the email address is considered invalid as a duplicate

Expected behavior
Emails from ORCID accounts should be able to be matched for ORCID OAuth.

Fallback:
When a user's email address is not provided from ORCID, prompt the user with an explanation of what's happening, steps to take on ORCID, and require an acknowledgement before proceeding to the "Continue Registration" form.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context

Relevant GitHub issue: ORCID/ORCID-Source#5504
@gmeben gmeben added 💍 feature New feature or request 🪲 bug Something isn't working labels May 10, 2024
@gmeben
Copy link
Contributor Author

gmeben commented Jul 31, 2024

From MSU's ORCID representative:

If you are wanting to get/read a user’s email address and their email address is set to private in their ORCID record, which is the default, you won’t be able to retrieve it even if your client app is authorized as a trusted org by the user. You can only get the users email address if it is set to public or “trusted parties” visibility. In this case, ORCID recommends not forcing the user to change their privacy setting but rather asking the user to type in their email address. You can read more about this question here: https://groups.google.com/g/orcid-api-users/c/OWCeZFUQrjg

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🪲 bug Something isn't working 💍 feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gmeben