Deleting authenticated ORCIDs should revoke tokens #10318
Comments
ewhanson
added
the
Enhancement:1:Minor
|
Ready for review @ewhanson Description
PRs:pkp lib - https://github.com/pkp/pkp-lib/pull/10333/files submodule updates |
|
Thanks @taslangraham. Looks good! Just a few comments in the PR. I also had a question about the placement of the delete button: 
I'm not sure how easy it would be, but if possible, I think it would be better if it were in-line with the ORCID URL, same as the Vue component. |
|
@ewhanson thanks for the review. In response to your suggestion,
I'm working on a few UI changes on #10319, I could apply the suggested UI change as a part of that issue |
|
That sounds good @taslangraham, feel free to make that UI change there. |
|
@ewhanson I've made the suggested updates. Please take a look |
|
All merged, thanks @taslangraham! |
Describe the issue
When a user authenticates their ORCID and links it to OJS, an access and refresh token are created and stored in the database. Currently, when an ORCID is deleted, the ORCID along with the tokens are deleted from the database, but they are not revoked from ORCID. Whenever an authenticated ORCID is removed from OJS, the corresponding tokens should be removed as well as described in the ORCID documentaiton.
For the
FieldOrcidVue component, this revocation can be done as part of the OJS API call here:pkp-lib/api/v1/orcid/OrcidController.php
Line 129 in 0fb17c2
This will need to be handled separately for the user profile ORCID connection workflow.
What application are you using?
OJS, OMP, and OPS version 3.5,
mainbranchAdditional information
This will apply only to the
mainbranch.The text was updated successfully, but these errors were encountered: