LibreCat::Auth::SSO::ORCID - implementation of LibreCat::Auth::SSO for ORCID

    #in your app.psgi
    use strict;
    use warnings;
    use Plack::Builder;
    use Plack::Session;
    use LibreCat::Auth::SSO::ORCID;

    #public base url of this application (example value)
    my $base_url = "http://localhost:5000";

    builder {

        #Plack::Session in the callback needs the session middleware
        enable "Session";

        #Register THIS URI in ORCID as a new redirect_uri
        mount '/auth/orcid' => LibreCat::Auth::SSO::ORCID->new(
            client_id => "APP-1",
            #placeholder value: load the real secret from configuration, not from source
            client_secret => "mypassword",
            sandbox => 1,
            authorization_url => "${base_url}/auth/orcid/callback"
        )->to_app;

        #DO NOT register this uri as new redirect_uri in ORCID
        mount "/auth/orcid/callback" => sub {

            my $env = shift;
            my $session = Plack::Session->new($env);
            my $auth_sso = $session->get('auth_sso');

            #not authenticated yet
            unless($auth_sso){

                return [403,["Content-Type" => "text/html"],["forbidden"]];

            }

            #process auth_sso (white list, roles ..)

            #auth_sso is a hash reference:
            #{ type => "ORCID", response => "<response-from-orcid>" }
            #the response from orcid is in this case a json string containing the following data:
            #
            #{
            #    'orcid' => '<orcid>',
            #    'access_token' => '<access_token>',
            #    'refresh_token' => '<refresh-token>',
            #    'name' => '<name>',
            #    'scope' => '/orcid-profile/read-limited',
            #    'token_type' => 'bearer',
            #    'expires_in' => '<expiration-date>'
            #}
            #you can reuse the 'orcid' and 'access_token' to get the user profile

            [200,["Content-Type" => "text/html"],["logged in!"]];

        };

    };

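One way to fill in the "process auth_sso (white list, roles ..)" step of the callback, as an added example that is not part of the module or its documentation: it decodes the JSON response, checks that 'orcid' is a well-formed ORCID iD (hyphenated form with its ISO 7064 MOD 11-2 check digit), and looks it up in a local allow-list. The function names, the allow-list hash and the sample session value are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use JSON::PP qw(decode_json);

# Validate the hyphenated ORCID iD form and its ISO 7064 MOD 11-2 check digit.
sub orcid_is_valid {
    my ($orcid) = @_;
    return 0 unless defined $orcid
        && $orcid =~ /\A(\d{4})-(\d{4})-(\d{4})-(\d{3})([\dX])\z/;
    my ($digits, $check) = ("$1$2$3$4", $5);
    my $total = 0;
    $total = ($total + $_) * 2 for split //, $digits;
    my $expected = (12 - $total % 11) % 11;
    return $check eq ($expected == 10 ? "X" : $expected) ? 1 : 0;
}

# Returns a minimal user record for an allow-listed ORCID iD, or undef.
# $allowed (ORCID iD => role) is a hypothetical local allow-list.
sub authorize_auth_sso {
    my ($auth_sso, $allowed) = @_;
    return unless ref $auth_sso eq 'HASH'
        && ($auth_sso->{type} // '') eq 'ORCID';
    # decode_json dies on malformed input; treat that as "not authorized"
    my $res = eval { decode_json($auth_sso->{response} // '') };
    return unless ref $res eq 'HASH';
    my $orcid = $res->{orcid};
    return unless orcid_is_valid($orcid);
    return unless exists $allowed->{$orcid};
    # access_token and refresh_token are deliberately left out of the record
    return { orcid => $orcid, name => $res->{name}, role => $allowed->{$orcid} };
}

# Constructed sample of the session value described in the synopsis
# (0000-0002-1825-0097 is ORCID's documented example iD).
my $sample = {
    type     => 'ORCID',
    response => '{"orcid":"0000-0002-1825-0097","name":"Test User",'
              . '"access_token":"<access_token>","token_type":"bearer"}',
};
my $user = authorize_auth_sso($sample, { '0000-0002-1825-0097' => 'editor' });
print $user ? "allowed: $user->{orcid} ($user->{role})\n" : "denied\n";
```

In the callback, a false return from authorize_auth_sso would lead to the same 403 response as a missing auth_sso.
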
This is an implementation of LibreCat::Auth::SSO to authenticate against an ORCID (OAuth) server.
It inherits all configuration options from its parent.
Register the uri of this application in ORCID as a new redirect_uri.
DO NOT register the authorization_url in ORCID as the redirect_uri!
client_id: client_id for your application (see developer credentials from ORCID)
client_secret: client_secret for your application (see developer credentials from ORCID)
sandbox: 0|1. Defaults to '0'. When set to '1', this api makes use of http://sandbox.orcid.org instead of http://orcid.org.