Application Version - OJS 3.2.1-3 and ORCiD Plugin 220.127.116.11
Using ORCiD sandbox: ORCiD Authorization request during submission workflow fails
Create new ORCiD account, create new OJS user, submit new publication for that user, log in as journal editor, accept submission, receive notification mail as orcid-user, click link from mail, click “Authorize access” in ORCiD sandbox, error shown is “Your ORCID iD could not be verified. The link is no longer valid”, error in logfile is “No author found with supplied token”
We noticed that the publicationId is missing in the URL after clicking “Authorize access”. If it is appended to the URL, everything works as expected.
URL for Authorization: https://sandbox.orcid.org/oauth/authorize?client_id=APP-SOMETHING&response_type=code&scope=%2Factivities%2Fupdate&redirect_uri=https:%2F%2Fojs.example.com%2Findex.php%2Ftestjournal%2Forcidapi%2ForcidVerify%3Ftoken%replacedforcopypaste&publicationId=1234
Note this contains the publicationId.
URL after clicking “Authorize access”: https://ojs.example.com/index.php/testjournal/orcidapi/orcidVerify?token=replacedforcopypaste&code=AbCdE
Note that the publicationId is missing.
This URL works, changing the above by adding publicationId: https://ojs.example.com/index.php/testjournal/orcidapi/orcidVerify?token=replacedforcopypaste&code=AbCdE&publicationId=1234
We only saw that the publicationId might cause this issue, as it is needed in the plugin’s code:
Note: Authorizing a user profile outside the submission workflow (e.g. via profile) works without any issues.
Sorry about the wrong line-reference. I might have done some search before adding it. I will check back with my colleagues, but I think it is unlikely that we will upgrade to 3.2.1-4 soon.
I have a question regarding “which is a global variable”: Since we suspect that the URL-Parameter is missing from the link generated by ORCiD Sandbox, this does not seem to be related to global variables, which would be a step further in the workflow. If the parameter is not given in the URL, how could there be a global variable?
We are receiving the same notification while testing a site-wide implementing of orcidProfile using ORCID sandbox: “Your ORCID iD could not be verified. The link is no longer valid.” BUT despite the notification the OJS instance is being verified by ORCID as a trusted org.
Yes, our config is sitewide in config.inc.php, not on journal-level.
I’m a bit unsure what you mean by this:
So it is different from what we mentioned? Because in our scenario the publicationid is not added to the link generated by the orcid Sandbox. We circumvened the issue by manually adding the publicationid to the url in the browser’s location bar. Sorry if that was not clear from the initial comment.
I apologize @ojs_univie, you are correct that it is the final URL that has been displaying the error. The process is successful if I add the publicationID at the end of the URL after the “code=”. And I was also wrong that Orcid validation worked despite the error.
So . . . I can confirm the same error with OJS 3.2.1-4.
Could you pinpoint where in the plug-in code the return URL is produced? Or the specific class and/or functions for the ORCID email authorization process? Or in the testing scripts?
Note that the use case that’s failing is when an editor initiates an email to a user they’ve added as an author to a journal or submission. The user receives an email with a link to authorize trusted org status. The final redirect back to OJS is triggering verification failed rather than success without the pub ID added to the URL. Perhaps the addition of the pub ID is part of a larger process that triggers verified?
Lastly, the log quotes in my previous post are pulled from the orcid.log in our instance. What states produce the output “ERROR OrcidHandler::orcidverify - No author found with supplied token.”
Is this what you see in your scenarios during testing? I am aware this is what it should look like. You mentioned you weren’t seeing the same issue, so I wanted to check this detail in particular.
i was following your comment that publicationid is not in the link. But after that, if the communication was successful this should come. in between is orcid communcation. Are you sure the server can access orcid api ?