ORCID iD not retrieved

Hi @ctgraham,
I changed the OJS configuration to support HTTPS and I also updated the URI Redirect. However, the problem remains with the exception of the message

Password fields present on an insecure (http://) page. This is a security risk that allows user login credentials to be stolen.[Learn More] register

that is not shown anymore. The Console is not showing any other error message other than the ones related to the font

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://jsime.org/lib/pkp/fonts/fontawesome/fontawesome-webfont.woff2?v=4.3.0. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). (unknown)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://jsime.org/lib/pkp/fonts/fontawesome/fontawesome-webfont.woff?v=4.3.0. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). (unknown)
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://jsime.org/lib/pkp/fonts/fontawesome/fontawesome-webfont.ttf?v=4.3.0. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). (unknown)

Do you have any other idea why ORCID plugin is not working?

Thank you,
Gustavo

Are you familiar with editing PHP and do you have confidence in where your PHP errors are logged? I think our next step would be to start debugging the code, but that would require modifying the PHP code to add some error_log() statements to give some more information in the logs.

@ctgraham,
I can try to make those changes. I know how to program, but I do not know PHP.

The system is not in production yet, thus in the worst case I can recover the original PHP files.

Yes, I know where the PHP error logs are stored in my system.

Thank you,
Gustavo

Hi @gnardin @ctgraham,

I had a similar problem on OJS.3.0.2.
I downloaded the master version from GitHub - pkp/orcidProfile: A plugin to pull ORCID information into a PKP user profile, and uploaded files through FTP to my server to replace the contents of the plugins/generic/orcidProfile folder.
I had to force HTTPS redirect on my shared server location through .htaccess.
Also, I had to try go to the ORCID website, log in to my ORCID account, go to Developper tools, and try several set ups for Redirect URIs:

  • https://[path-to-my-OJS-install]/orcidapi/orcidAuthorize
  • https://[path-to-my-OJS-install]/orcidapi/orcidAuthorize?targetOp=register&params=
  • https://[path-to-my-OJS-install]/oauth/token
    In addition, in accordance with the explanations included in this post (OJS v3 ORCID integration & auto-update - #21 by ctgraham), I also added the following Redirect URIs:
  • https://[path-to-my-OJS-install]/orcidapi/orcidAuthorize?targetOp=profile&params=
  • https://[path-to-my-OJS-install]/user/register
  • https://[path-to-my-OJS-install]/user/profile
  • https://[path-to-my-OJS-install]/orcidAuth
    As a result, when I click on “create or connect your ORCID” button (either within my personal profile/Public tab in my OJS dashboard, or on the Register page on my public website), I am able to authorize the connection of my OJS install to ORCID, but no information is retrieved.

In addition, I also encounter layout issues (running bootstrap3 theme): the “create or connect your ORCID” buttons in both “Register” webpage and “Personal Profile/Public” tab in dashboard now show a huge ORCID iD logo…
I tried to look up the ORCID css file, but could not make sense out of it (lacking any knowledge in css coding).
16

[perhaps does @asmecher have a hint on this issue?]

See here for possible interference with Bootstrap3 theme: Registering a new user in 3.0.2 - #8 by afisher

Hi @afisher,

See ORCID iD not retrieved - #6 by gnardin.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

Thanks for your prompt reply.
I checked the fix suggested here above: ORCID iD not retrieved - #7 by ctgraham
Actually, my installed files seemed to be perfectly updated.
To be sure, I downloaded the OrcidProfile master branch agin from github, and uploaded to my shared hosting location, overwriting the existing files.
For a start, this solved my layout issues (the Orcid logo and button are now showing up in a more humane and ergonomic way).
However, my registration form is still not being populated by my orchid data (I obviously used an Orcid ID associated to an email address and names that are not yet registered to my journal).
Hence, I followed the suggestion of ctgraham to uncomment the window.close() statement contained here: ORCID iD not retrieved - #17 by ctgraham
The popup window where I am supposed to authorize my journal to retrieve info from Orcid does work as before, but after authorizing this, I am getting a blank popup window (and no info populating my registration form). I asked my browser Safari to “Show error console” for the blank popup window. And here is what I get:

<html><body><script type="text/javascript">
    					opener.document.getElementById("firstName").value = null;
    					opener.document.getElementById("lastName").value = null;
    					opener.document.getElementById("email").value = null;
    					opener.document.getElementById("orcid").value = "http:\/\/orcid.org\/";
    					opener.document.getElementById("connect-orcid-button").style.display = "none";
    *					window.close();
    				</script></body></html>

Basically, for the little I understand, I am getting only void metadata from Orcid…
I have OJS supporting https, I have set up a generic Redirect URI (my journal’s host name) on the Orcid side.
I have tried clearing template cache in OJS, and resetting Orcid’s Client secret key for my redirect URI.
Nothing would do.
I did not try debugging the code as suggested here: ORCID iD not retrieved - #21 by ctgraham as I don’t know where to start playing with error_log()

Any other hints of how I could solve this?

Hi @afisher,

I see a line of code flagged as problematic, but I don’t see the Javascript error message that goes with it. Can you check the browser console to see if there’s an error message?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,
Thank you for taking the time to respond.
Here’s what I did to try provide more information:

  1. Went to /plugins/generic/orcidProfile/pages/OrcidHandler.inc.php and uncommented statement window.close() by adding an asterisk * at beginning of the corresponding [last line]:

     case 'register':
     	echo '<html><body><script type="text/javascript">
     		opener.document.getElementById("firstName").value = ' . json_encode($json['name']['given-names']['value']) . ';
     		opener.document.getElementById("lastName").value = ' . json_encode($json['name']['family-name']['value']) . ';
     		opener.document.getElementById("email").value = ' . json_encode($json['email']['value']) . ';
     		opener.document.getElementById("orcid").value = ' . json_encode($orcid_uri). ';
     		opener.document.getElementById("connect-orcid-button").style.display = "none";
     		window.close();
    
  2. Went to config.inc.php and made the following configurations:
    enable_minified = Off
    display_errors = On

Here is are what I hope are the Javascript error messages my browser returns when pulling an “authorize” request in the Orcid connector pop up window:

Notice: Undefined variable: son in /home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php on line 78
Notice: Undefined variable: json in /home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php on line 79
Notice: Undefined variable: json in /home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php on line 80

That refers precisely to the fields that are returned as “null” from Orcid, https://github.com/pkp/orcidProfile/blob/master/pages/OrcidHandler.inc.php#L78-L80

78					opener.document.getElementById("firstName").value = ' . json_encode($json['name']['given-names']['value']) . ';
79					opener.document.getElementById("lastName").value = ' . json_encode($json['name']['family-name']['value']) . ';
80					opener.document.getElementById("email").value = ' . json_encode($json['email']['value']) . ';

I don’t know if this helps, but I did encounter something strange while retrieving these info.
Looking up the page source for the Orcid authorize pop up window, I can see that https://orcid.org/oauth/signin has line #47 stating:
orcidVar.searchBaseUrl = "https://pub.orcid.org/v1.2/search/orcid-bio/";
Should this not be v2.0 ???

Other things that might interfer:
a) in config.inc.php, I have my base URL set to HTTP: base_url = "http://clararevue.ulb.be/OJS" but the following settings in my .htaccess file:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://clararevue.ulb.be/$1 [R,L]
RewriteRule ^$ /OJS/index.php/CLARA [R=301,L]

While in Orcid, I’ve set the Redirect URIs to match https://clararevue.ulb.be/
Could it be that these http/https settings are creating mismatches?

b) also, in config.inc.php, I have restful_urls = Off and uncommented Base URL override settings, while Orcid seems to rely on Restful URLs…

Thank you, that’s all I could think of.

Axel

Hi @afisher,

An * isn’t a comment in Javascript – you’ll need to either use // at the beginning of a line, or /* and */ to begin and end a comment section.

Regards,
Alec Smecher
Public Knowledge Project Team

Thank you @asmecher,
applying // did not significantly change the error message’s output, here it is:

<br />
<b>Notice</b>:  Undefined variable: json in <b>/home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php</b> on line <b>78</b><br />
<br />
<b>Notice</b>:  Undefined variable: json in <b>/home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php</b> on line <b>79</b><br />
<br />
<b>Notice</b>:  Undefined variable: json in <b>/home/web1238/public_html/OJS/plugins/generic/orcidProfile/pages/OrcidHandler.inc.php</b> on line <b>80</b><br />
<html><body><script type="text/javascript">
					opener.document.getElementById("firstName").value = null;
					opener.document.getElementById("lastName").value = null;
					opener.document.getElementById("email").value = null;
					opener.document.getElementById("orcid").value = "http:\/\/orcid.org\/";
					opener.document.getElementById("connect-orcid-button").style.display = "none";
//					window.close();
				</script></body></html>

Hi @afisher,

OK, that’s definitely resolved a Javascript problem but there is still definitely a problem in the PHP. Can you describe the changes you’ve made, particularly to plugins/generic/orcidProfile/pages/OrcidHandler.inc.php?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

The only change I did to /plugins/generic/orcidProfile/pages/OrcidHandler.inc.php is at the end of the following line of code:

case 'register':
 	echo '&lt;html&gt;&lt;body&gt;&lt;script type="text/javascript"&gt;
 		opener.document.getElementById("firstName").value = ' . json_encode($json['name']['given-names']['value']) . ';
 		opener.document.getElementById("lastName").value = ' . json_encode($json['name']['family-name']['value']) . ';
 		opener.document.getElementById("email").value = ' . json_encode($json['email']['value']) . ';
 		opener.document.getElementById("orcid").value = ' . json_encode($orcid_uri). ';
 		opener.document.getElementById("connect-orcid-button").style.display = "none";

I uncommented the statement following the above as follows:

// window.close();

Note: sorry for my posts in other thread, I was sincerely convinced that they might be an interference with Bootstrap3, and thought those who answered my previous requests deserved a “thank yo” post.

Also, in the meanwhile, I’ve set allow_url_fopen = On in my config.inc.php (to solve recaptcha issues)

Hi @afisher,

It sounds like you’ve applied only part of this change – the whole thing needs to be applied, or it won’t work.

Note: sorry for my posts in other thread, I was sincerely convinced that
they might be an interference with Bootstrap3, and thought those who
answered my previous requests deserved a “thank yo” post.

Not a problem – but in that case it’s helpful to link over to this thread, so people there are aware that it’s already being worked on over here. I’ve done that.

Regards,
Alec Smecher
Public Knowledge Project Team

@asmecher,

I’ve cross-checked again. Yes, I did apply the entire set of changes on plugins/generic/orcidProfile/pages/OrcidHandler.inc.php and on /plugins/generic/orcidProfile/OrcidProfilePlugin.inc.php. Actually, they were applied automatically when I

Hi @afisher,

Hmm, I’ve double-checked and can’t find a problem here. Two things leap to mind:

  • Are you sure your ORCiD profile plugin configuration is OK, e.g. your client ID and secret?
  • Perhaps your server’s CURL library is out of date or otherwise having trouble fetching information from the ORCiD service. It seems that this line of code isn’t getting executed, leading to the warning message you quoted above. I would suggest adding an else error_log(print_r($info, true)); after the enclosing if statement to capture what’s happening in the PHP error log.

Regards,
Alec Smecher
Public Knowledge Project Team

@asmecher,

I tried to perform your request changing OrcidHandler.inc.php as follows (I’m unsure if I’m using the right syntax):

		if ($info['http_code'] == 200) {
			$json = json_decode($result, true);
		} else error_log(print_r($info, true));

In case I did this right, the bad news is I am on a virtual shared server, so few PHP error are displayed in the error log to which I do have access, and setting PHP error handling with .htaccess is blocked by default (I checked by pulling a phpinfo() request).

EDIT: I also tried the suggestions from this post:

If you don’t have access to your server log file, you can try adding the following near the top of index.php to cause error messages to be sent to the browser:
ini_set('display_errors', E_ALL);

as well as bringing some change to lib/pkp/includes/functions.inc.php for debugging (see cited post). Nothing would change.
//END OF EDIT.

Apparently, I do have cURL installed, but I don’t know if the cURL library is outdated. I performed a test as suggested here. Here is the output:

array(9) {
  ["version_number"]=>
  int(467968)
  ["age"]=>
  int(3)
  ["features"]=>
  int(50717)
  ["ssl_version_number"]=>
  int(0)
  ["version"]=>
  string(6) "7.36.0"
  ["host"]=>
  string(20) "i386-sun-solaris2.10"
  ["ssl_version"]=>
  string(14) "OpenSSL/1.0.1h"
  ["libz_version"]=>
  string(5) "1.2.3"
  ["protocols"]=>
  array(16) {
    [0]=>
    string(4) "dict"
    [1]=>
    string(4) "file"
    [2]=>
    string(3) "ftp"
    [3]=>
    string(4) "ftps"
    [4]=>
    string(6) "gopher"
    [5]=>
    string(4) "http"
    [6]=>
    string(5) "https"
    [7]=>
    string(4) "imap"
    [8]=>
    string(5) "imaps"
    [9]=>
    string(4) "pop3"
    [10]=>
    string(5) "pop3s"
    [11]=>
    string(4) "rtsp"
    [12]=>
    string(4) "smtp"
    [13]=>
    string(5) "smtps"
    [14]=>
    string(6) "telnet"
    [15]=>
    string(4) "tftp"
  }
}

I also performed another more version specific test, as suggested here. Here is the output:

CURL_VERSION_IPV6 matches CURL_VERSION_KERBEROS4 does not match CURL_VERSION_SSL matches CURL_VERSION_LIBZ matches

If there is no other way to check PHP errors
On the ORCID side:

  • I have enabled the public API for HTTPS://clararevue.ulb.be;
  • Client ID and Client secret in ORCID match those in OJS’ Orcid Profile settings;
  • I have redirect URIs set as:
  1. HTTPS://clararevue.ulb.be
  2. HTTPS://clararevue.ulb.be/OJS/index.php/CLARA/orcidapi/orcidAuthorize?targetOp=register&params=
  3. https://developers.google.com/oauthplayground

On the OJS side, I am worried by the following:

  1. In my config.inc.php file I have
  • base_url = "HTTP://clararevue.ulb.be/OJS" but changing to HTTPS does not seem to have any influence
  • restful_urls = Off but restful URL seems to be required by oauth for Orcid to send data (reference is made in config.inc.php to FAQs for setting up restful URLs, but I could not find anything about it)
  • I’ve set allow_url_fopen = On, apparently needed for recaptcha
  • possible other personalized settings
  1. in my .htaccess file, I have set a redirection rule for all HTTP requests to be served as HTTPS

That’s as far as I get…
Axel

Hi @afisher,

Hmm, still nothing incriminating in that info dump. In that class file, you should see several examples of:

 $result = curl_exec($curl);

Could you add just below each of these…

if (!$result) error_log('CURL error: ' . curl_error($curl));

This might log something more useful.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher,

thanks for following up. I tried as you suggested.
No error appears in my error log…

Hi @afisher,

Hmm, I’m confused why the CURL request seems to neither respond with a http_code (which is supposed to be 200 on successful request), nor with an error message. It seems to me that one or the other ought to be provided.

If you’re handy with PHP, I’d suggest investigating this a little further – it’s difficult to debug this remotely!

Regards,
Alec Smecher
Public Knowledge Project Team