The ORCID Member API uses OAuth 2.0 to manage its authentication. This document describes how to use Google Developers’ OAuth 2.0 Playground to explore OAuth for the ORCID environment.
1. Using OAuth 2.0 Playground
How to set up OAuth 2.0 Playground to work with the ORCID’s OAuth and APIs
Table of Contents
Introduction
About Google Developers OAuth 2.0 Playground
STEP A: Create an API Client App for the Developers’ Sandbox
STEP B: Set up the Playground
  OAuth 2.0 configuration
STEP C: Use the Playground
  Step 1 – Select & authorize APIs
  Step 2 – Exchange authorization codes for tokens
  Step 3 – Configure request to API
Introduction
The ORCID Member API uses OAuth 2.0 to manage its authentication. This document
describes how to use Google Developers’ OAuth 2.0 Playground to explore OAuth for
the ORCID environment.
About Google Developers OAuth 2.0 Playground
ORCID does not maintain or develop for the OAuth 2.0 Playground. This tool was
created by Google, which exclusively maintains its code. While we will try to keep this
documentation up to date, changes in Google’s platform could make these
instructions inaccurate from time to time. Your contributions will help us to maintain
this document.
STEP A: Create an API Client App for the Developers’ Sandbox
Before you can make any request, you need to create an API client that will give you a
consumer KEY and SECRET. If you’ve ever used an API before, you can think of the
client as your API KEY. It is required to help identify your application, which may be a
web application, a server-side script that does some backend integration, or a piece of
JavaScript that pulls information from the Registry.
Please see our knowledge base for more information on this step:
http://orcid.uservoice.com/knowledgebase/articles/116739-register-a-client-application
Now that you have a client, you can move onto making some actual requests!
2. Understanding the ORCID OAuth Dance
STEP B: Set up the Playground
The first thing you will need to do is set up the playground to work with the ORCID
environment. Go to the OAuth 2.0 Playground URL, and click the gear to configure it:
https://developers.google.com/oauthplayground/
OAuth 2.0 configuration
OAuth flow: Server-side
OAuth endpoints: custom
Authorization endpoint: http://devsandbox.orcid.org/oauth/authorize
Token endpoint: http://api.devsandbox.orcid.org/oauth/token
Access token location: Authorization header w/Bearer prefix
OAuth Client ID: (from your client registration - <client-id>)
OAuth Client secret: (from your client registration - <client-secret>)
A Shortcut: The following URL has been configured as described above – you
will only need to enter your Client ID and secret:
https://developers.google.com/oauthplayground/#step3&url=http%3A//api.devsandbox.orcid.org/&content_type=application/json&http_method=GET&useDefaultOauthCred=unchecked&oauthEndpointSelect=Custom&oauthAuthEndpointValue=http%3A//devsandbox.orcid.org/oauth/authorize&oauthTokenEndpointValue=http%3A//api.devsandbox.orcid.org/oauth/token&includeCredentials=unchecked&accessTokenType=bearer&autoRefreshToken=unchecked&accessType=offline&forceAprovalPrompt=checked&response_type=code
STEP C: Use the Playground
OBTAIN A TOKEN: You are going to be using the Playground to obtain a token as described in the knowledge base article Tokens Through 3-legged OAuth Authentication (http://orcid.uservoice.com/knowledgebase/articles/119676-tokens-through-3-legged-oauth-authorization).
USE THE APIs: Once you have a token, you will use it to perform API calls as described in the ORCID API Guide (http://orcid.uservoice.com/knowledgebase/articles/116874-orcid-api-guide).
Step 1 – Select & authorize APIs
Enter one of the scopes described in the knowledge base at:
(http://orcid.uservoice.com/knowledgebase/articles/120162-orcid-scopes).
When you click Authorize APIs, the user will be asked to log in (or create a
new ORCID ID), and then to authorize the scope that you have created. For this step, you
will find it handy to have (or create during this process) an account on the
Developers Sandbox that you will be using as your “researcher” who is
“authorizing the scopes”.
Step 2 – Exchange authorization codes for tokens
Once the end user (most likely represented by you logging in in this example) has
authorized a specific scope, you will receive an authorization code which you will see
displayed in step two. Click “Exchange authorization code for tokens”. This action will
create an access token that you will see in the “Request/Response” window to the right
of the screen.
The Response:
Note the “access_token” that was provided via OAuth – you will be using this token to
configure your request to the API.
Step 3 – Configure request to API
Next you are going to configure and send your request to the API.
NOTE: The screen shot above was taken from a different server. Your request URI should be
http://api.devsandbox.orcid.org/[REQUEST].
Since the requested scope limits what you will be able to see, you will always be able to use the
following URI in the Developers Sandbox: http://api.devsandbox.orcid.org/[ORCID_ID]
You will set the HTTP Method, Request URI and Headers as described in the ORCID
API Guide (http://orcid.uservoice.com/knowledgebase/articles/116874-orcid-api-guide).
A special note about the Authorize Header
You will need to add an “authorize” header that will contain your access code preceded
by the term “bearer”.
A special note about the Accept Header
You can format the result to be HTML, XML or JSON by setting an “accept” header and
setting the value to one of those shown below.
Format   Accept Header                                 Description
HTML     text/html                                     Redirects to the ORCID web user interface to display the result
XML      application/orcid+xml OR application/xml      XML conforming to the orcid-message.xsd
JSON     application/orcid+json OR application/json    JavaScript Object Notation equivalent to the orcid-message.xsd
The Response
In the Request / Response window you will see the resulting content based on the API
call. For example:
GET /0000-0002-9652-3185 HTTP/1.1
Host: api.orcid.orc.test.semantico.net
Authorize: bearer 5e1b56ed-3388-435a-95e3-08d6e94f73fa
Content-length: 0
Authorization: Bearer f8db2f09-d862-4318-84bc-a2ed1cd89648

HTTP/1.1 200 OK
Content-length: 1382
Via: HTTP/1.1 GWA
Content-location: http://api.orcid.orc.test.semantico.net/0000-0002-9652-3185
X-google-cache-control: remote-fetch
Server: Apache-Coyote/1.1
Date: Wed, 05 Sep 2012 00:26:31 GMT
Content-type: text/html;charset=UTF-8

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<orcid-message xmlns="http://www.orcid.org/ns/orcid">
  <message-version>1.0.3</message-version>
  <orcid-profile type="user">
    <orcid>0000-0002-9652-3185</orcid>
    <orcid-history>
      <creation-method>website</creation-method>
      <completion-date>2012-08-17T18:41:48.816+01:00</completion-date>
      <submission-date>2012-08-17T18:41:44.703+01:00</submission-date>
      <claimed>true</claimed>
    </orcid-history>
    <orcid-bio>
      <personal-details>
        <given-names>Laura</given-names>
        <family-name>Paglione</family-name>
        <credit-name visibility="public">Laura AD Paglione</credit-name>
        <other-names visibility="public"/>
      </personal-details>
      <biography visibility="public"></biography>
      <external-identifiers visibility="public"/>
      <affiliations>
        <affiliation visibility="public">
          <affiliation-name>ORCID</affiliation-name>
          <affiliation-type>current-primary-institution</affiliation-type>
          <role-title>Administrator</role-title>
        </affiliation>
      </affiliations>
    </orcid-bio>
    <orcid-activities/>
  </orcid-profile>
</orcid-message>
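The three requests the Playground issues in STEP C, written out as an added example (not ORCID's or Google's code). The endpoints are the ones from STEP B; the `state` parameter is standard OAuth 2.0 rather than something this page shows, and the client ID, secret, redirect URI and scope values are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Endpoints copied unchanged from STEP B of this page (Developers' Sandbox).
AUTHORIZE_ENDPOINT = "http://devsandbox.orcid.org/oauth/authorize"
TOKEN_ENDPOINT = "http://api.devsandbox.orcid.org/oauth/token"
API_BASE = "http://api.devsandbox.orcid.org"


def authorization_url(client_id, redirect_uri, scope, state=None):
    """Step 1: URL the researcher's browser is sent to. Returns (url, state)."""
    state = state or secrets.token_urlsafe(16)  # anti-CSRF value, kept by the client
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",   # same value as in the shortcut URL above
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def code_from_redirect(redirected_url, expected_state):
    """Pull the authorization code out of the redirect back to the client."""
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise ValueError(f"authorization refused: {params['error'][0]}")
    returned_state = params.get("state", [""])[0]
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("redirect carries no authorization code")
    return params["code"][0]


def token_request(client_id, client_secret, code, redirect_uri):
    """Step 2: POST exchanging the code for an access token (built, not sent)."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    # The secret goes in the form body, never in the URL, so it stays out of logs.
    return Request(TOKEN_ENDPOINT, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def api_request(orcid_id, access_token, accept="application/orcid+xml"):
    """Step 3: GET of a record, token in the Authorization header (STEP B setting)."""
    return Request(f"{API_BASE}/{orcid_id}", method="GET", headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": accept,          # one of the values in the Accept table above
    })


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials or a real scope.
    redirect = "https://client.example/callback"
    url, state = authorization_url("CLIENT-ID-PLACEHOLDER", redirect, "/example-scope")
    print("send the browser to:", url)
    code = code_from_redirect(f"{redirect}?code=CONSTRUCTED&state={state}", state)
    print(token_request("CLIENT-ID-PLACEHOLDER", "SECRET-PLACEHOLDER", code, redirect).data)
    print(api_request("0000-0002-9652-3185", "TOKEN-PLACEHOLDER").header_items())
```

The requests are built but not sent. Over the plain `http://` endpoints listed in STEP B, the client secret and bearer token would be readable on the network path.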
Document Revision History
Ver   Date          Who              Description
2.0   28 Sep 2012   Laura Paglione   Refreshed document to reference articles in the new Knowledge Base.
1.2   11 Sep 2012   Laura Paglione   Fixed the provided “quick start” URL for the Playground. Corrected a typo introduced in version 1.1.
1.1   10 Sep 2012   Laura Paglione   Updated the URLs in step B for the Token and authorize endpoints. Thanks to William Penney!
1.0   6 Sep 2012    Laura Paglione   Updated to include the limitation of the OAuth Playground to accommodate new registrations during the Authorize process.
0.5   4 Sep 2012    Laura Paglione   Initial Draft