The Redirect URI works as follows:
OJS has a set of addresses it can respond to.
- OJS production: my public web address is
http://ojsPublicAddress
- OJS development: my restricted web address is:
http://ojsPrivateAddress
OJS will append its address onto the OAuth request to ORCID:
-
https://orcid.org/oauth/authorize?response_type=code&client_id=secret&redirect_uri=http://ojsPublicAddress/orcidAuth
For example, note that here OJS production is telling ORCID to redirect the user back tohttp://ojsPublicAddress/orcidAuth
after successful login.
ORCID has a list of allowed redirect URIs per Client key:
- permit:
http://ojsPublicAddress
- permit:
http://ojsPrivateAddress
- permit:
https://developers.google.com/oauthplayground/
If ORCID does not recognize the URL is is given in the redirect request, it will not honor the OAuth request.