NAME

LibreCat::Auth::SSO::ORCID - implementation of LibreCat::Auth::SSO for ORCID

SYNOPSIS

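#in your app.psgi

use Plack::Builder;
use Plack::Session;
use LibreCat::Auth::SSO::ORCID;

builder {

    #session middleware: the callback below reads "auth_sso" from the session
    enable "Session";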

    #Register THIS URI in ORCID as a new redirect_uri
    mount "/auth/orcid" => LibreCat::Auth::SSO::ORCID->new(
        client_id => "APP-1",
        client_secret => "mypassword",
        sandbox => 1,
        uri_base => "http://localhost:5000",
        authorization_path => "/auth/orcid/callback"
    )->to_app;

    #DO NOT register this uri as new redirect_uri in ORCID
    mount "/auth/orcid/callback" => sub {

        my $env = shift;
        my $session = Plack::Session->new($env);
        my $auth_sso = $session->get("auth_sso");

        #not authenticated yet
        unless( $auth_sso ){

            return [ 403, ["Content-Type" => "text/html"], ["forbidden"] ];

        }

        #process auth_sso (white list, roles ..)

        #auth_sso is a hash reference:
        #{
        #    package => "LibreCat::Auth::SSO::ORCID",
        #    package_id => "LibreCat::Auth::SSO::ORCID",
        #    response => {
        #        content_type => "application/json",
        #        content => "{\"orcid\":\"0000-0002-5268-9669\",\"token_type\":\"bearer\",\"name\":\"Nicolas Franck\",\"refresh_token\":\"222222222222\",\"access_token\":\"111111111111\",\"scope\":\"/authenticate\",\"expires_in\":631138518}"
        #    },
        #    uid => "0000-0002-5268-9669",
        #    info => {
        #        name => "Nicolas Franck"
        #    },
        #    extra => {}
        #}

        #you can reuse the "orcid" and "access_token" to get the user profile

        [ 200, ["Content-Type" => "text/html"], ["logged in!"] ];

    };

};
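
One way to fill in the "process auth_sso (white list, roles ..)" step of the callback. This is an added example, not code from the module or its author: the allow list and the helper names orcid_check_char and roles_for_auth_sso are hypothetical, the sample session value is constructed from the hash shown above, and JSON::PP is assumed for decoding. It rejects a session whose uid fails the ORCID iD check character (ISO 7064 MOD 11-2) or disagrees with the stored token response.

```perl
use strict;
use warnings;
use JSON::PP qw(decode_json);

# Hypothetical allow list: ORCID iD => roles (constructed sample data).
my %ALLOWED = ( "0000-0002-5268-9669" => ["editor"] );

# ISO 7064 MOD 11-2 check character over the first 15 digits of an ORCID iD.
sub orcid_check_char {
    my @digits = split //, shift;
    my $total  = 0;
    $total = ( $total + $_ ) * 2 for @digits;
    my $result = ( 12 - $total % 11 ) % 11;
    return $result == 10 ? "X" : $result;
}

# Returns the roles for an accepted session, or an empty list when rejected.
sub roles_for_auth_sso {
    my $auth_sso = shift;
    return unless ref $auth_sso eq "HASH";
    return unless ( $auth_sso->{package} // "" ) eq "LibreCat::Auth::SSO::ORCID";

    # Well-formed iD with a valid check character.
    my $uid = $auth_sso->{uid} // "";
    my ( $body, $check ) = $uid =~ /\A((?:\d{4}-){3}\d{3})([\dX])\z/ or return;
    $body =~ tr/-//d;
    return unless orcid_check_char($body) eq $check;

    # The uid must agree with the token response stored next to it.
    my $token = eval { decode_json( $auth_sso->{response}{content} // "" ) };
    return unless ref $token eq "HASH" && ( $token->{orcid} // "" ) eq $uid;

    return @{ $ALLOWED{$uid} // [] };
}

# Constructed sample session value, shaped like the hash in the synopsis.
my $sample = {
    package  => "LibreCat::Auth::SSO::ORCID",
    uid      => "0000-0002-5268-9669",
    response => {
        content_type => "application/json",
        content      => '{"orcid":"0000-0002-5268-9669","scope":"/authenticate"}',
    },
    info => { name => "Nicolas Franck" },
};
my @roles = roles_for_auth_sso($sample);
print @roles ? "roles: @roles\n" : "forbidden\n";
```

In the callback, return the 403 response when roles_for_auth_sso($auth_sso) yields an empty list.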

DESCRIPTION

This is an implementation of LibreCat::Auth::SSO that authenticates against an ORCID (OAuth) server.

It inherits all configuration options from its parent.

CONFIG

Register the URI at which this application is mounted ("/auth/orcid" in the synopsis) in ORCID as a new redirect_uri.

DO NOT register the authorization_path in ORCID as the redirect_uri!

client_id

client_id for your application (see developer credentials from ORCID)

client_secret

client_secret for your application (see developer credentials from ORCID)

sandbox

0|1. Defaults to "0". When set to "1", the module uses http://sandbox.orcid.org instead of http://orcid.org.

AUTHOR

Nicolas Franck, <nicolas.franck at ugent.be>

SEE ALSO

LibreCat::Auth::SSO