Skip to main content Jisc logo
  • Libraries, learning resources & research
  • Learning and research resources
    • Archives Hub
    • Historical Texts
    • e-books for FE
    • Journal Archives
    • Geospatial Data
    • MediaPlus

    We’re working to develop services, provide support, and influence policy in order to enable UK higher education to realise the rewards of open access (OA).

UK ORCID Support

  • Guidance
    • Case studies: Doing more with ORCID
    • ORCID Self Service
    • Next steps for new members
    • Thinking about ORCID?
    • ORCID capabilities of systems
      • DSpace capabilities
      • Eprints capabilities
      • Hydra/Fedora capabilities
  • Support
  • Events
  • Community Resources
  • FAQ
    • FAQ: Membership
    • FAQ: Contacts
    • FAQ: Technical
    • FAQ: Getting Support
    • FAQ: Specific System Help
    • FAQ: Advocacy
    • FAQ: Collect and Connect
    • FAQ: Making the business case
    • FAQ: General
  • Useful Links
  • Blog
    UK ORCID Support > ORCID UK Support Blog > Events > Revoking ORCID Tokens

Revoking ORCID Tokens

Posted: November 13, 2017   Updated: August 6, 2018Categories Events, Technical

We are delighted to publish this second blog contributed by Neil Jefferies, arising from the ORCID Delegation workshop held on the 10th October at Jisc in London. See the previous blog for more detail about the background of the meeting.

At the meeting, Will Simpson of ORCID presented a very useful non-technical overview of how authentication and ORCID/OAuth tokens worked in terms of managing access permissions. Discussion then moved on to the main topic of how ORCID permissions might be delegated to third party providers and, in particular, how to handle the termination of third party arrangements. During these discussions, Will indicated that support for the optional OAuth functionality for token revocation was being considered by ORCID. OAuth is the technology/standard that ORCID uses for authorisation/access control. At the moment, tokens are granted by default for 20 years, or 1 hour for effectively single, short term, use. Naturally, neither of these match the typical duration of a scholar’s relationship with an institution. Minimising the number of active tokens would be good from both a security and “data hygiene” standpoint, so the ability for an institution to relinquish their token when a scholar leaves would be useful in its own right. Scholars can revoke their tokens manually when they leave but it is unrealistic to rely on them to remember to do so.

At the moment, it is possible to work around this situation by making creative use of the OAuth token refresh facility. This functionality is important since it is what will allow an institution to grant tokens to a third party on behalf of an individual researcher (which will be explored in the next posting), but, in this context, it does provide a slightly unorthodox method for effectively relinquishing a token. Intended for use when an existing token nears expiry, a replacement token may be requested with a new expiry date which then invalidates the previous token. However, this can *actually* be done at any time and a 20-year token *can* be replaced by a 1 hour token which can simply be allowed to expire, resulting in no active tokens.

The workshop participants were of the opinion that the community should support the implementation of token revocation in ORCID, and would recommend that members make use of the facility, or the workaround in the short term, in their integrations.

Contact

Email: help@jisc.ac.uk


Give Feedback
ORCiD Member Logo
Recent posts
  • Global first for UKRI – recording funding peer review contributions in ORCID records
  • Highlights of ORCID webinars September to November 2020
  • Consortium events round-up for the summer of 2020
Website
  • Cookies
  • Privacy
  • Accessibility

Useful links
  • ORCID website
  • Jisc's open access services
  • Jisc scholarly communications blog
Jisc logo

We are a membership organisation, providing digital solutions for UK education and research.

Find out more at jisc.ac.uk

Libraries, learning resources and research
  • Learning & research resources
  • Library support
  • Open access (OA)
  • Geospatial data
License
©2021 Jisc. This work is licensed under the CC BY-NC-ND 4.0
About using our content