- You create a special link
- When clicked, the user is sent to ORCID
- ORCID asks the user to sign in
- ORCID asks the user to grant permission to your application
- ORCID sends the user back to your system with their ORCID iD, an access token and an id token.
- Your system extracts and stores the authenticated ORCID iD from the response.
For security reasons, when using implicit OAuth, ORCID will not return access tokens with update permissions.
See our technical documentation for more information.