Fall 2016 Sprint Report: OAuth integration
The aim of the OAuth group at the PKP Sprint 2016 in Fredericton was to let users log into the system with their credentials from other applications, e.g. their ORCID, Google, or Facebook account. During the sprint, a generic plugin was developed that allows users to log into OJS with their ORCID account.
Authentication with ORCID uses the ORCID public API. Access to the ORCID API requires a set of credentials consisting of a Client ID and a Client Secret. The journal therefore first needs to register for the API credentials, see http://support.orcid.org/knowledgebase/articles/343182. Once the credentials are obtained, they should be entered in the plugin settings. Other applications and their credentials can be added in the same way; for the moment, however, we have worked only with ORCID.
Once the plugin is configured, i.e. the application has been added with the necessary credentials, the option to log in with this application is displayed on the journal's login page.
When using an ORCID account to log in, the user is first redirected to the ORCID site, where he/she can sign in. If the ORCID authorization is successful, the user is logged in to OJS and redirected to his/her OJS dashboard page.
Next to come:
In order to be able to log in with their ORCID accounts, the users first have to explicitly associate their ORCID account with their OJS account/profile. This step has not been implemented yet, but is next to come.
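The login redirect described above and the explicit account association still to be implemented, sketched as an added example (not code from the pkp-oauth plugin). The function names, the `$links` map, the client ID and the redirect URI are assumptions, and the ORCID iDs and authorization code are sample values.

```php
<?php
// Added example, not pkp-oauth code; names and values below are assumptions.
const ORCID_AUTHORIZE_URL = 'https://orcid.org/oauth/authorize';

// Step 1: build the redirect to ORCID and store a one-time state in the session.
function beginOrcidLogin(array &$session, string $clientId, string $redirectUri): string
{
    $session['oauth_state'] = bin2hex(random_bytes(16));
    return ORCID_AUTHORIZE_URL . '?' . http_build_query([
        'client_id'     => $clientId,
        'response_type' => 'code',
        'scope'         => '/authenticate',
        'redirect_uri'  => $redirectUri,
        'state'         => $session['oauth_state'],
    ]);
}

// Step 2: validate the callback before the code is exchanged for a token.
function validateCallback(array &$session, array $query): string
{
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']); // state is single-use
    if ($expected === '' || !hash_equals($expected, (string)($query['state'] ?? ''))) {
        throw new RuntimeException('state mismatch: callback not tied to this session');
    }
    if (isset($query['error']) || empty($query['code'])) {
        throw new RuntimeException('authorization denied or code missing');
    }
    return (string)$query['code'];
}

// Step 3: the token response from ORCID carries the user's iD. Log in only the
// OJS user who explicitly linked that iD; never fall back to name or e-mail.
function resolveLinkedUser(string $orcid, array $links): ?int
{
    if (!preg_match('/^\d{4}-\d{4}-\d{4}-\d{3}[\dX]$/', $orcid)) {
        return null;
    }
    return $links[$orcid] ?? null;
}

// Constructed demo: one linked iD, one unlinked iD.
$session = [];
$url = beginOrcidLogin($session, 'APP-PLACEHOLDER', 'https://journal.example/oauth/callback');
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
$code = validateCallback($session, ['code' => 'constructed-code', 'state' => $sent['state']]);
$links = ['0000-0002-1825-0097' => 42];
var_dump(resolveLinkedUser('0000-0002-1825-0097', $links));
var_dump(resolveLinkedUser('0000-0001-5109-3700', $links));
```

The exchange of the code for a token (a server-side POST that includes the Client Secret) is left out; it would sit between steps 2 and 3.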
Further, we will extend the plugin to support other applications, such as Google and Facebook. The plugin structure will be kept flexible, so that additional applications can easily be added.
If you would like to take a look at the code, test or contribute, please see https://github.com/ulsdevteam/pkp-oauth. Otherwise, stay tuned and tell us what you think about it!
Bozana Bokan and Clinton Graham