Update OAuth and API URLs with correct prefixes #304

Open
3 of 4 tasks
ewhanson opened this issue Dec 7, 2023 · 4 comments

ewhanson commented Dec 7, 2023

Update OAuth and API URLs

The URLs used in the plugin must be updated to use the correct endpoint for each action.

The correct endpoints per ORCID are as follows (see ORCID GitHub for documentation):

| Environment | Purpose | URL |
|---|---|---|
| Production | Authorization requests | https://orcid.org/oauth/authorize |
| Production | Token exchange | https://orcid.org/oauth/token |
| Production | Public API calls | https://pub.orcid.org/[version] |
| Production | Member API calls | https://api.orcid.org/[version] |
| Sandbox | Authorization requests | https://sandbox.orcid.org/oauth/authorize |
| Sandbox | Token exchange | https://sandbox.orcid.org/oauth/token |
| Sandbox | Public API | https://pub.sandbox.orcid.org/[version] |
| Sandbox | Member API | https://api.sandbox.orcid.org/[version] |

Previously, the /oauth/token endpoint was accessed via https://pub.orcid.org/oauth/token and is now accessed via https://orcid.org/oauth/token. A redirect is in place from the old URL to the new (as announced in the ORCID API Users Group), but the plugin was not previously following the redirects (see pkp/orcidProfile#281). While this solved the /oauth/token redirect issue, it introduced a new issue by completely replacing the URL for public API calls from https://pub.orcid.org/[version] to https://orcid.org/[version], the latter of which is not a valid URL and redirects to the central sign-in page.

This issue was tricky to track down as much of the public API functionality is satisfied with the response of the /oauth/authorize step of the OAuth authentication process, which includes, among other things, the access/refresh token and the authenticated user's ORCID.

Ensuring all OAuth-related actions use the corresponding https://orcid.org/[endpoint] or https://sandbox.orcid.org/[endpoint] URL while the calls to the versioned APIs use the correct pub or api prefixes as needed.

In summary, all API and authentication URLs should function as listed above.

Regardless of sandbox status:

  • OAuth-related URLs should have no additional prefix
  • Public API calls should be prefixed with pub
  • Member API calls should be prefixed with api

This change will affect stable-3_3_0, stable-3_4_0, main, and potentially stable-3_2_1 if that version of the plugin is still maintained.

TODOs

  • stable-3_2_1
  • stable-3_3_0
  • stable-3_4_0
  • main
@ewhanson ewhanson self-assigned this Dec 7, 2023
ewhanson added a commit to ewhanson/orcidProfile that referenced this issue Dec 8, 2023
ewhanson added a commit to ewhanson/orcidProfile that referenced this issue Dec 8, 2023
ewhanson added a commit to ewhanson/orcidProfile that referenced this issue Dec 9, 2023
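
The prefix rules from the issue above, as an added Python example (not code from the orcidProfile plugin): it derives the OAuth and API URLs from a previously saved base URL, including the unprefixed form, and rejects any host outside the table. The function names, the choice to treat an unprefixed saved URL as the public API, and the sample version string `v3.0` are assumptions of this example.

```python
from urllib.parse import urlsplit

# Host rules transcribed from the issue's endpoint table.
_BASE = {False: "orcid.org", True: "sandbox.orcid.org"}   # is_sandbox -> base host
_API_PREFIX = {"public": "pub", "member": "api"}          # API type -> host prefix
_OAUTH_PATHS = {"authorize": "/oauth/authorize", "token": "/oauth/token"}


def classify_stored_url(stored_url):
    """Map a saved base URL to (is_sandbox, api_type).

    Accepts prefixed and unprefixed hosts. An unprefixed host carries no API
    type, so it is treated as 'public' (assumption of this example).
    Only exact host matches over https are accepted.
    """
    parts = urlsplit(stored_url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError(f"not an https URL: {stored_url!r}")
    for is_sandbox, base in _BASE.items():
        if host == base:
            return is_sandbox, "public"
        for api_type, prefix in _API_PREFIX.items():
            if host == f"{prefix}.{base}":
                return is_sandbox, api_type
    raise ValueError(f"not an ORCID host: {host!r}")


def oauth_url(is_sandbox, action):
    """OAuth endpoints never carry a pub/api prefix."""
    return f"https://{_BASE[is_sandbox]}{_OAUTH_PATHS[action]}"


def api_url(is_sandbox, api_type, version):
    """Versioned API calls always carry the pub or api prefix."""
    return f"https://{_API_PREFIX[api_type]}.{_BASE[is_sandbox]}/{version.strip('/')}"


def endpoints_for(stored_url, version):
    """All three URLs a client needs, derived from one saved base URL."""
    is_sandbox, api_type = classify_stored_url(stored_url)
    return {
        "authorize": oauth_url(is_sandbox, "authorize"),
        "token": oauth_url(is_sandbox, "token"),
        "api": api_url(is_sandbox, api_type, version),
    }


if __name__ == "__main__":
    # Constructed sample inputs: one unprefixed, one prefixed saved URL.
    for saved in ("https://orcid.org/", "https://api.sandbox.orcid.org/"):
        print(saved, "->", endpoints_for(saved, "v3.0"))
```

Deriving the token URL from the table rather than following the redirect keeps the client-credential POST on the intended host.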

ewhanson commented Dec 9, 2023

@bozana, could you review these changes? They update the API URLs, account for the non-pub prefixed URL being saved in the database, and update the OAuth-related calls to use the plain orcid.org or sandbox.orcid.org URLs. Thanks!

bozana commented Dec 11, 2023

Hi @ewhanson, great! That all looks good to me. Thanks a lot!

@ewhanson

Thanks, @bozana! I've merged them. I'll leave the issue open until I have a chance to get these changes reflected in main, considering the current rewrite underway.
