Comments (21)
Thanks for reporting the issue.
In server scenarios, use a PAT. See https://docs.ropensci.org/rorcid/articles/authentication.html#computing-environments-without-browsers-1 and the 3rd option in Details section here https://docs.ropensci.org/rorcid/reference/orcid_auth.html#details
from rorcid.
Hi sckott, thanks for helping. I am not sure of what do you mean by a PAT, "Port-Address-Translator"? A network technique? How should we do that?
I managed to generate a token using the 2legged authentication function and using my client_id and my client_secret, I think the token is Ok. The ORCID_TOKEN environment variable is properly set with the token. I wondered if the problem was because of the hyphens, and I tried to add some (as it originally was without any) but same result 401.
I also checked that curl with HTTPS support is working, because I can download from the console.
Is it then a network problem? We are using port 8080 and we are behind a proxy, but we have connectivity now from R.
Any ideas?
Thanks
from rorcid.
PAT = Personal Access Token
Same as "token" in this context.
use one of the rorcid functions to get some data, and set verbose=TRUE
, e.g.,
orcid_bio(orcid = "0000-0002-1642-628X", verbose = TRUE)
Does that fail? If so, there may be useful information to debug in the console output. Share it here, but make sure to obscure/remove your token
from rorcid.
orcid_bio(orcid = "0000-0002-1642-628X", verbose = TRUE)
- Uses proxy env variable https_proxy == 'http://emcgateway:[email protected]:8080'
- Trying 10.20.5.72...
- TCP_NODELAY set
- Connected to proxy.redinterna.age (10.20.5.72) port 8080 (#0)
- allocate connect buffer!
- Establish HTTP proxy tunnel to pub.orcid.org:443
CONNECT pub.orcid.org:443 HTTP/1.1
Host: pub.orcid.org:443
User-Agent: R (3.6.3 x86_64-redhat-linux-gnu x86_64 linux-gnu)
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
- Proxy replied 200 to CONNECT request
- CONNECT phase completed!
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none - CONNECT phase completed!
- CONNECT phase completed!
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN, server accepted to use http/1.1
- Server certificate:
- subject: CN=orcid.org
- start date: May 13 00:00:00 2020 GMT
- expire date: Aug 15 00:00:00 2022 GMT
- subjectAltName: host "pub.orcid.org" matched cert's "*.orcid.org"
- issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
- SSL certificate verify ok.
GET /v3.0/0000-0002-1642-628X/biography HTTP/1.1
Host: pub.orcid.org
Accept-Encoding: gzip, deflate
Accept: application/json
User-Agent: r-curl/4.3 crul/1.0.0 rOpenSci(rorcid/0.6.4)
X-USER-AGENT: r-curl/4.3 crul/1.0.0 rOpenSci(rorcid/0.6.4)
Authorization: Bearer
< HTTP/1.1 401 Unauthorized
< Date: Fri, 19 Feb 2021 16:37:44 GMT
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
- Added cookie __cfduid="d49cc324745da53ba51467871db9fae751613752664" for domain orcid.org, path /, expire 1616344664
< Set-Cookie: __cfduid=d49cc324745da53ba51467871db9fae751613752664; expires=Sun, 21-Mar-21 16:37:44 GMT; path=/; domain=.orcid.org; HttpOnly; SameSite=Lax
< WWW-Authenticate: Bearer realm="ORCID T1 API", error="invalid_token", error_description="Invalid access token: "
< Cache-Control: no-store
< Pragma: no-cache
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Origin: *
< X-Content-Type-Options: nosniff - Added cookie X-Mapping-fjhppofk="814C785051499CB634650A2359C0B50C" for domain pub.orcid.org, path /, expire 0
< Set-Cookie: X-Mapping-fjhppofk=814C785051499CB634650A2359C0B50C; path=/
< X-Frame-Options: DENY
< CF-Cache-Status: DYNAMIC
< cf-request-id: 085cc098ab00005d4b3996d000000001
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< Server: cloudflare
< CF-RAY: 62416a077d2c5d4b-LIS
< - Connection #0 to host proxy.redinterna.age left intact
Error: Unauthorized (HTTP 401)
from rorcid.
So your token was in the Authorization: Bearer
string, correct? And you just removed it here?
from rorcid.
Exactly, I removed it as you requested. This a project for the Spanish Ministry of Science and we are rather stuck here.
Thanks.
from rorcid.
Let's try curl again to make sure that your token is working:
curl -v \
-H 'Authorization: Bearer your-token-here' \
-H 'Accept: application/json' \
https://pub.orcid.org/v3.0/0000-0002-1642-628X/biography/
Does that work? Do you get:
{"created-date":{"value":1460757498851},"last-modified-date":{"value":1460757498851},"content":"http://carlboettiger.info","visibility":"public","path":"/0000-0002-1642-628X/biography"}
from rorcid.
Good morning Sckott... once again the same problem. There must be definitely something wrong with the token
Thx for the support
[root@CENT81-DES-CIENCIA investigadores-ficheros_r]# curl -v -H 'Authorization: Bearer ... ' -H 'Accept: application/json' https://pub.orcid.org/v3.0/0000-0002-1642-628X/biography/
- Trying 10.20.5.72...
- TCP_NODELAY set
- Connected to proxy.redinterna.age (10.20.5.72) port 8080 (#0)
- allocate connect buffer!
- Establish HTTP proxy tunnel to pub.orcid.org:443
- Proxy auth using Basic with user 'glpi.mciu'
CONNECT pub.orcid.org:443 HTTP/1.1
Host: pub.orcid.org:443
Proxy-Authorization: Basic Z2xwaS5tY2l1OkNhc3RlbGxhbmExNjI7
User-Agent: curl/7.61.1
Proxy-Connection: Keep-Alive
< HTTP/1.1 200 Connection established
<
- Proxy replied 200 to CONNECT request
- CONNECT phase completed!
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none - TLSv1.3 (OUT), TLS handshake, Client hello (1):
- CONNECT phase completed!
- CONNECT phase completed!
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, [no content] (0):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (IN), TLS handshake, CERT verify (15):
- TLSv1.3 (IN), TLS handshake, Finished (20):
- TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
- TLSv1.3 (OUT), TLS handshake, [no content] (0):
- TLSv1.3 (OUT), TLS handshake, Finished (20):
- SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
- ALPN, server accepted to use h2
- Server certificate:
- subject: CN=orcid.org
- start date: May 13 00:00:00 2020 GMT
- expire date: Aug 15 00:00:00 2022 GMT
- subjectAltName: host "pub.orcid.org" matched cert's "*.orcid.org"
- issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
- SSL certificate verify ok.
- Using HTTP2, server supports multi-use
- Connection state changed (HTTP/2 confirmed)
- Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
- TLSv1.3 (OUT), TLS app data, [no content] (0):
- TLSv1.3 (OUT), TLS app data, [no content] (0):
- TLSv1.3 (OUT), TLS app data, [no content] (0):
- Using Stream ID: 1 (easy handle 0x55f0d8ef4e80)
- TLSv1.3 (OUT), TLS app data, [no content] (0):
GET /v3.0/0000-0002-1642-628X/biography/ HTTP/2
Host: pub.orcid.org
User-Agent: curl/7.61.1
Authorization: Bearer ...
Accept: application/json
- TLSv1.3 (IN), TLS handshake, [no content] (0):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
- TLSv1.3 (IN), TLS app data, [no content] (0):
- Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
- TLSv1.3 (OUT), TLS app data, [no content] (0):
- TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/2 401
< date: Mon, 22 Feb 2021 08:17:54 GMT
< content-type: application/json;charset=UTF-8
< set-cookie: __cfduid=ddcbb300d014ca8bb078402d4c90bff831613981873; expires=Wed, 24-Mar-21 08:17:53 GMT; path=/; domain=.orcid.org; HttpOnly; SameSite=Lax
< www-authenticate: Bearer realm="ORCID T1 API", error="invalid_token", error_description="Invalid access token: ..."
< cache-control: no-store
< pragma: no-cache
< x-xss-protection: 1; mode=block
< access-control-allow-origin: *
< x-content-type-options: nosniff
< set-cookie: X-Mapping-fjhppofk=4842165633BFDE68C17EFF06BB2B96E5; path=/
< x-frame-options: DENY
< cf-cache-status: DYNAMIC
< cf-request-id: 086a6a0f220000da725905f000000001
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 625745f83da1da72-LIS
<
{
"error" : "invalid_token",
"error_description" : "Invalid access token: ..." - TLSv1.3 (IN), TLS app data, [no content] (0):
- Connection #0 to host proxy.redinterna.age left intact
}[root@CENT81-DES-CIENCIA investigadores-ficheros_r]#
from rorcid.
By the way, I just tried the URL with the token on my Windows workstation with postman and I got the same result: invalid token.
Should I try with another ORCID account?
from rorcid.
This is how I generated the token:
two_legged_oauth <- function(client_id, client_secret) {
headers <- list(Accept = "application/json",
Content-Type
= "application/x-www-form-urlencoded")
body <- list(grant_type = "authorization_code",
client_id = client_id, client_secret = client_secret)
con <- crul::HttpClient$new("https://orcid.org/oauth/authorize", headers = headers)
res <- con$post( body = body, encode = "form")
if (res[["status_code"]] == 200 ) {
tok <- res[["response_headers"]][["cf-request-id"]]
return (paste0("Bearer ", tok))
}
}
""
two_legged_oauth(client_id = "...", client_secret = "...")
from rorcid.
- it's possible there's an issue with the proxy. I don't know anything about proxies as I never use them, so not sure what to do if that's the problem.
- If it is an invalid token: did you request the token on that server? Can you get a token on your local machine, then simply set it as the token on your server? Does this curl request work if you do it on your local machine without being behind a proxy?
from rorcid.
- We can rule out the proxy problem, I checked with postman from my personal machine (directly connected to the Internet) against the API url you proposed and it works without token (it's public) but when the token is added it says it is invalid.
- I tried on our server with another token generated with the ORCID credentials of a colleague of mine and the result is the same.
Could it be that the token generation process is not working properly? Is there any way to circumvent the three legged authentication?
from rorcid.
By the way, my colleague generated his token on his local machine.
from rorcid.
I just spun up a server and used my orcid token and it works. So can't re-create what's going on so far.
I'm not sure what else to do. I'm asking ORCID folks
from rorcid.
This is how I generated the token:
two_legged_oauth <- function(client_id, client_secret) {
headers <- list(Accept = "application/json",
Content-Type
= "application/x-www-form-urlencoded")
body <- list(grant_type = "authorization_code",
client_id = client_id, client_secret = client_secret)
con <- crul::HttpClient$new("https://orcid.org/oauth/authorize", headers = headers)
res <- con$post( body = body, encode = "form")
if (res[["status_code"]] == 200 ) {
tok <- res[["response_headers"]][["cf-request-id"]]
return (paste0("Bearer ", tok))
}
}
""two_legged_oauth(client_id = "...", client_secret = "...")
Hmm. Does your token in a format like 1bed1e13-7792-4129-9f07-aaf7b88ba88x?
If not, I think your two legged request is not quite right.
- you need to use grant_type=client_credentials
- It looks like you're pulling something out of the response headers, but I think the token is in the response body as JSON.
Example here: https://info.orcid.org/documentation/integration-and-api-faq/#easy-faq-2532
from rorcid.
I was definitely trying to use a function which does not generate a valid Orcid token. Could you write here the proper command line curl call with a field for client_id and client_secret, which I can substitute, so that I can get the token? I understand the production ORCID API Endpoint is https://orcid.org/oauth/token
So far I've been trying and getting {"error":"invalid_client","error_description":"Client not found: ..."}
Please forgive me, because I am newbie to Linux and APIs...
from rorcid.
Try something like curl -i -d 'client_id=XXX' -d 'client_secret=XXX' -d 'scope=/read-public' -d 'grant_type=client_credentials' 'https://orcid.org/oauth/token'
from rorcid.
There is a tutorial here: https://github.com/ORCID/ORCID-Source/blob/master/orcid-api-web/tutorial/read_public.md
from rorcid.
Yes, but I also got the invalid token message. However, I just copied my ID directly from the Orcid website after login. I am also copying the password.
from rorcid.
I wish to apologize to everyone for being so rookie and for not reading the tutorials properly. I was wrongly assuming that the client_id is the same as the ORCID ID and they are not. You use your orcid account to register an application in the developers tools menu option and then it generates the client_id and the client_secret which you use to generate a token.
Thanks for your efforts, sorry again for the inconvenience and you can close this thread.
from rorcid.
Thanks @TomDemeranville !
@drachodran no worries at all. I'm happy to help. The function https://docs.ropensci.org/rorcid/reference/orcid_auth in this package returns the token you'll need. It returns a string of the form Bearer xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
. From that, copy just the token part (ignore "Bearer ") to save as your ORCID_TOKEN
environment variable.
from rorcid.
Related Issues (20)
- recursive in orcid() fxn doesn't do anything HOT 2
- see if we can vectorize works() fxn
- httpuv may be required for correct orcid_auth behavior HOT 1
- API version 3 plans? HOT 4
- 'rows' argument in `rorcid::orcid_search` HOT 4
- vcr-ify tests
- Institution searches in `rorcid::orcid_search` HOT 13
- Add to orcid_search(): ringgold-org-id and grid-org-id
- keyword param problem
- sort out testing for others HOT 8
- orcid_search parameters (current_prim_inst doesn't work) HOT 3
- Issue retrieving all orcid ids associated with organization HOT 6
- fix for cran checks
- `/expanded-search` route - use instead of of `/search` in orcid()?
- rows in orcid search: change default? + max HOT 1
- Get access token via 2 legged OAuth authorization HOT 3
- Does rorcid_works get the information of co-authors? HOT 1
- Column number mismatch when calling `orcid_employment` HOT 4
- orcid_works() doesn't have the "author" information? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rorcid.