NAME
LibreCat::Auth::SSO::ORCID - implementation of LibreCat::Auth::SSO for ORCID
SYNOPSIS
#in your app.psgi
builder {
#Register THIS URI in ORCID as a new redirect_uri
mount "/auth/orcid" => LibreCat::Auth::SSO::ORCID->new(
client_id => "APP-1",
client_secret => "mypassword",
sandbox => 1,
uri_base => "http://localhost:5000",
authorization_path => "/auth/orcid/callback"
)->to_app;
#DO NOT register this uri as new redirect_uri in ORCID
mount "/auth/orcid/callback" => sub {
my $env = shift;
my $session = Plack::Session->new($env);
my $auth_sso = $session->get("auth_sso");
#not authenticated yet
unless( $auth_sso ){
return [ 403, ["Content-Type" => "text/html"], ["forbidden"] ];
}
#process auth_sso (white list, roles ..)
#auth_sso is a hash reference:
#{
# package => "LibreCat::Auth::SSO::ORCID",
# package_id => "LibreCat::Auth::SSO::ORCID",
# response => {
# content_type => "application/json",
# content => ""{\"orcid\":\"0000-0002-5268-9669\",\"token_type\":\"bearer\",\"name\":\"Nicolas Franck\",\"refresh_token\":\"222222222222\",\"access_token\":\"111111111111\",\"scope\":\"/authenticate\",\"expires_in\":631138518}
# },
# uid => "0000-0002-5268-9669",
# info => {
# name => "Nicolas Franck"
# },
# extra => {}
#}
#you can reuse the "orcid" and "access_token" to get the user profile
[ 200, ["Content-Type" => "text/html"], ["logged in!"] ];
};
};
DESCRIPTION
This is an implementation of LibreCat::Auth::SSO to authenticate against a ORCID (OAuth) server.
It inherits all configuration options from its parent.
CONFIG
Register the uri of this application in ORCID as a new redirect_uri.
DO NOT register the authorization_path in ORCID as the redirect_uri!
- client_id
-
client_id for your application (see developer credentials from ORCID)
- client_secret
-
client_secret for your application (see developer credentials from ORCID)
- sandbox
-
0|1. Defaults to "0". When set to "1", this api makes use of http://sandbox.orcid.org instead of http://orcid.org.
AUTHOR
Nicolas Franck, <nicolas.franck at ugent.be>