- Incorporating an ORCID sign in button/link as an option for signing into your site
- Linking your account with the ORCID iD/sign in
- Recognizing an ORCID sign in as a valid authentication for your system
Member flow: Sign in using ORCID credentials
The first thing that users should see is a screen inviting them to sign into your system. Since you will be enabling users to sign into your system using alternate credentials, possibly in addition to those already used by your system, the sign in options could be displayed as illustrated below.
There are two possible scenarios where the user’s accounts on your system and ORCID have not yet been linked:
- The user first signs into your system, or
- The user first signs into the ORCID registry.
The user first signs into your system
- The user enters their sign in credentials for your system.
- For a successful sign in, present an option for the user to connect an ORCID account.
- If the user chooses this option, initiate an authentication flow via OAuth to receive an authenticated ORCID iD, as well as request other permissions such as reading from or writing to the user's ORCID Record (if desired).
- Once the user returns to your site, store the authenticated ORCID iD with the user’s account, as well as an access token to read from or write to the user’s ORCID Record where relevant.
The user first signs into the ORCID registry
- When the user clicks the “Sign in with ORCID” button, your system initiates an authentication flow via OAuth to receive an authenticated ORCID iD.
- Once the user returns to your site, check whether the returned iD already exists in your system.
  - If yes, continue to step 3, “Recognizing an ORCID sign-in”.
  - If no, request that the user sign into your system to associate the two accounts, as well as request other permissions such as reading from or writing to the user's ORCID Record (if desired).
- After a successful sign in, store the ORCID iD with the user’s account, as well as an access token to read from or write to the user’s ORCID record where relevant.
Once accounts are linked, your system will need to recognize whether a user with a linked account has signed in using ORCID Registry credentials.
To recognize whether an ORCID sign in is a valid authentication:
- Obtain the ORCID iD using an authentication flow via OAuth. If the iD matches one in your system, consider the associated account to be signed in.
- Check whether the user is signed into ORCID, where appropriate. Reinitiate a sign-in request if required by your system’s security protocol.
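The linking and recognition steps above can be handled by one decision function that runs when the user returns from the OAuth flow. This is an added example, not ORCID's code or code from this page: the `ACCOUNTS` store, the function names and the result labels are hypothetical, and the `orcid` / `access_token` fields of the token response are assumed to come from a token exchange your server performed itself.

```python
import re

# Constructed in-memory account store; a real system would use its user database.
ACCOUNTS = {"alice": {"orcid": None, "token": None},
            "bob": {"orcid": None, "token": None}}

def valid_orcid(orcid):
    """Check the layout and the ISO 7064 MOD 11-2 check character of an ORCID iD."""
    if not re.fullmatch(r"\d{4}-\d{4}-\d{4}-\d{3}[\dX]", orcid):
        return False
    total = 0
    for ch in orcid.replace("-", "")[:-1]:
        total = (total + int(ch)) * 2
    check = (12 - total % 11) % 11
    return orcid[-1] == ("X" if check == 10 else str(check))

def handle_orcid_return(token_response, local_user=None):
    """Decide the outcome once the OAuth flow has returned an authenticated iD.

    token_response: dict from the server-side token exchange (assumed shape).
    local_user: account already signed into this system, or None.
    Returns (outcome, account).
    """
    orcid = token_response.get("orcid", "")
    if not valid_orcid(orcid):
        return ("reject", None)
    owner = next((u for u, a in ACCOUNTS.items() if a["orcid"] == orcid), None)
    if owner is not None:
        # Recognition: the iD matches a linked account, so that account is
        # signed in, unless a different local account is the one asking.
        if local_user not in (None, owner):
            return ("reject", None)
        return ("signed_in", owner)
    if local_user is None:
        # Unknown iD and nobody signed in locally: ask for a local sign in
        # before associating the two accounts.
        return ("local_sign_in_required", None)
    if ACCOUNTS[local_user]["orcid"] is not None:
        return ("reject", None)  # account is already linked to another iD
    # Linking: store the authenticated iD and access token with the account.
    ACCOUNTS[local_user].update(orcid=orcid,
                                token=token_response.get("access_token"))
    return ("linked", local_user)
```

Only an iD taken from the token response of a flow your server completed is passed in here; an iD supplied by the browser in a form field or query parameter is not authenticated and should never reach this function.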