ORCID
diff --git a/‎docs/Other_methods_for_getting_authenticated_iDs.md‎
Lines changed: 36 additions & 0 deletions b/‎docs/Other_methods_for_getting_authenticated_iDs.md‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎docs/display.md‎
Lines changed: 4 additions & 1 deletion b/‎docs/display.md‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎docs/get.md‎
Lines changed: 27 additions & 29 deletions b/‎docs/get.md‎
Lines changed: 27 additions & 29 deletions
diff --git a/‎docs/images/01-3_employment-item.png‎
-86.8 KB b/‎docs/images/01-3_employment-item.png‎
-86.8 KB
diff --git a/‎docs/images/03_03_Step-3-playground-set-up-header.png‎
-63.9 KB b/‎docs/images/03_03_Step-3-playground-set-up-header.png‎
-63.9 KB
diff --git a/‎docs/images/06-1_header-accept.png‎
-66.7 KB b/‎docs/images/06-1_header-accept.png‎
-66.7 KB
diff --git a/‎docs/images/06-1_post-affiliation-response.png‎
-13.2 KB b/‎docs/images/06-1_post-affiliation-response.png‎
-13.2 KB
diff --git a/‎docs/images/sandbox.oauth.PNG‎
46.3 KB b/‎docs/images/sandbox.oauth.PNG‎
46.3 KB
diff --git a/‎docs/images/sandbox.register.PNG‎
29.4 KB b/‎docs/images/sandbox.register.PNG‎
29.4 KB
diff --git a/‎docs/images/sandbox.register.step2.PNG‎
51.2 KB b/‎docs/images/sandbox.register.step2.PNG‎
51.2 KB
@@ -0,0 +1,36 @@
+
+##Other methods for getting authenticated iDs
+
+You have just followed a method a custom integration would use to get ORCIDs from users. The following are other methods for getting authenticated iDs from ORCID users.
+
+##Servive Provider systems
+
+Some publishing, research information and repository software systems support collecting authenticated iDs and permissions right out of the box. See our list of [ORCID-enabled systems](https://members.orcid.org/api/orcid-enabled-systems) for more details.
+
+Configuration steps and customization options vary widely between systems - check your system's documentation for complete information.
+
+<!--- This should actually be institutional connect but let's remove for now since only one member has put it in place.
+##Institutional sign-in
+
+You can enable access using institutional credentials. Check out the [Members Documentation](http://members.orcid.org/api/integrate/institution-sign-in) for more information.
+--->
+
+<!--- Product is looking at whether to still support this. Removed for now (as of 2020-11-02)
+##Share my iD
+
+Need a quick way to collect authenticated iDs with no programming or IT resources needed?
+[Share my iD](https://share-my-id.orcid.org/) is a new app from ORCID that allows anyone with an ORCID iD to get iDs from other ORCID users.<br>
+  <img src="../images/04-4_share-my-id.png" width="600" alt="ORCID Share my iD app home page" />
+--->
+
+##DOI metadata
+
+Many systems now collect ORCID iDs and publish them in DOI (and other persistent identifier) metadata. If you have a DOI for a publication, dataset, or other digital object, you can check its metadata for author ORCID iDs. However, note ORCID cannot guarantee that the iDs for the listed authors have been authenticated.
+
+###Example: CrossRef API
+For example, using the [CrossRef REST API](https://github.com/CrossRef/rest-api-doc/blob/master/rest_api.md), we can find an author's ORCID iD in the DOI metadata for ```http://dx.doi.org/10.1155/2013/364301```
+
+1. In a new window or tab, visit ```https://api.crossref.org/v1/works/10.1155/2013/364301```
+2. In the JSON data that appears, ORCID iDs submitted by the publisher in the DOI metadata are included in the ```author``` element.
+<br>
+  <img src="../images/04-5_doi-metadata.png" width="400" alt="ORCID in DOI metadata" />
@@ -13,6 +13,9 @@ For more details, see our [Trademark and iD Display Guidelines](https://orcid.or
 <img src="../images/07_1_kaken_profile_system.png" width="600" alt="ORCID iD displayed on Kaken Profile System for SUENAGA Kiyotake" />
 <br>
 <br>
+You can also just show the iD icon next to the researcher's name as seen in the screenshot below.
+<br>
+<br>
 <img src="../images/07_1_Orcid_id_journal_functional_ecology.png" width="600" alt="ORCID iD displayed in Journal of Functional Ecology article" />
 
 ##Presenting the ORCID OAuth screen & redirect pages
@@ -32,7 +35,7 @@ See [sample text](http://members.orcid.org/api/oauth/presenting-oauth#include-te
 The OAuth screen is designed to look best at a maximum width of 500px.
 <br>
 <br>
-<img src="../images/07-2_oauth.png" width="300" alt="Example OAuth authorization screen" />
+<img src="../images/sandbox.oauth.png" width="400" alt="ORCID OAuth screen" />
 ###4. Provide an appropriate redirect page and close the OAuth window
 Remember that users can either authorize or deny access - make sure to show a different message for each case.
 <br>
 
@@ -33,9 +33,9 @@ API credentials consisting of a **client ID** and a **client secret** are needed
 
 To get Authenticated iDs, you can use Public or Member API credentials. To get permission to read non-public information or add/update researchers' ORCID records, you'll need Member API credentials. For the rest of this tutorial, when referring to the API please assume that it is the Member API that is being referenced.  
 
-For this tutorial, please use your own sandbox API credentials:
+For this tutorial, please use your own sandbox API credentials.
 
-To request API credentials, see [Request API credentials](https://orcid.org/content/register-client-application)
+To request API credentials, see [Request API credentials](https://orcid.org/content/register-client-application-sandbox)
 
 ## Three Step OAuth journey
 
@@ -53,57 +53,55 @@ To kick off the OAuth process, we'll need to create a special authorization URL
 | ----------| ----------- | ------- |
 |**client_id**| Your Member or Public API client ID (issued by ORCID)<br>To request API credentials, see [Request API credentials](https://orcid.org/content/register-client-application) | ```[APP-*****************]``` |
 |**response_type**|  | ```code``` |
-|**scope**| API action(s) you want to request permission for, from the list of [ORCID Scopes](https://members.orcid.org/api/oauth/orcid-scopes). | ```/authorize``` <br> ```/activities/update```
+|**scope**| API action(s) you want to request permission for, from the list of [ORCID Scopes](https://members.orcid.org/api/oauth/orcid-scopes) | ```/person/update``` <br> ```/activities/update```
 |**redirect_uri**| Page on your site that users will see after they complete the authorization process (must be on the list of allowed redirect URIs you specified when requesting your API credentials)  | ```https://developers.google.com/oauthplayground``` |
 
 To request permission to add/update activities (affiliations, funding, works, peer review items), and to add/update personal items (other-names, keywords, countries, researcher-urls, websites, and personal external identifiers) our authorization URL will be:
-Enter you own client ID where it says [APP-*****************]
+Enter you own client ID where it says _[APP-\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\]_
 ```
 https://sandbox.orcid.org/oauth/authorize?client_id=[APP-****************]&response_type=code&scope=/read-limited%20/activities/update%20/person/update&redirect_uri=https://developers.google.com/oauthplayground
 ```
 
-Copy your URL, remembering to fill in your own APP details and paste into a new tab and press enter.<br>
-
-
-2. An ORCID sign-in screen listing the requested permissions will appear; sign into your Sandbox account and click **Authorize**<br>
-<img src="../images/04-2_oauth-screen.png" width="400" alt="ORCID OAuth sign-in screen" />
-3. After granting permission, you'll be redirected to the Google OAuth Playground. A 6-character code will appear at the end of the redirect URI in the browser address bar (and under the **Step 2** section at left)<br>
+1. Copy the URL, remembering to fill in your own APP details, paste it into a new tab and press enter.<br>
+2. An ORCID sign-in screen will appear; sign into your Sandbox account to see the OAuth screen and click **Authorize**<br>
+<img src="../images/sandbox.oauth.png" width="400" alt="ORCID OAuth screen" />
+3. After granting permission, you'll be redirected to the Google OAuth Playground. A 6-character code will appear at the end of the redirect URI in the browser address bar (and under the **Step 2** section on the left of the page)<br>
 <img src="../images/04-2_auth-code-address.png" width="400" alt="ORCID OAuth sign-in screen" /><br><br>
 <img src="../images/04-2_auth-code.png" width="400" alt="Browser address bar showing OAuth authorization code" />
 
 ###Exchange authorization code for access token and authenticated iD
-Once you have an  Authorization Code, you can exchange it for an Access Token and the Authenticated iD of the user who signed in, which you'll need in order to take the API action(s) you requested permission for. You need to store this securely and privately as it contains access tokens, normally you would store this in a database, for now you can store it in a text file on your computer.
+Once you have an  Authorization Code, you can exchange it for an access token and the Authenticated iD of the user who signed in, which you'll need in order to take the API action(s) you requested permission for.
+
+If you lose the access token you can complete the process again but first you would need to revoke permission for the client application if using the same ORCID iD. Permission can be revoked by removing the client application from the "Trusted organizations" section in [Account settings](https://sandbox.orcid.org/account). 
 
 In a real-world situation, this exchange would be done by your system, using a programming language such as  PHP, Java, or Ruby on Rails. For this tutorial, we'll use Google OAuth Playground to simulate a web application.
 
 1. Click the gear icon in the upper right corner to open the **OAuth 2.0 Configuration**<br>
 <img src="../images/04-3_google-playground-config.png" width="400" alt="Google OAuth Playground OAuth 2.0 Configuration" />
-2. Change the Oauth endpoints drop down to custom and enter the following settings and click **Close**
-
-| Field | Value |
-| ------| ------|
-|**OAuth flow**| Server-side |
-|**OAuth endpoints**| Custom |
-|**Authorization endpoint**| ```https://sandbox.orcid.org/oauth/authorize``` |
-|**Token endpoint**| ```https://sandbox.orcid.org/oauth/token``` |
-|**Access token location**| Authorization header w/Bearer prefix |
-|**OAuth Client ID**| ```[APP-*****************]```<br>(Demo client ID created for this tutorial) |
-|**OAuth Client Secret**| ```0000000-0000-0000-0000-000000000000```<br>(Your own client secret created earlier - do not share API client secrets!) |
+2. Change the ``Oauth endpoints`` drop-down to ``Custom`` and enter the following settings and click **Close**
+
+    | Field | Value |
+    | ------| ------|
+    |**OAuth flow**| Server-side |
+    |**OAuth endpoints**| Custom |
+    |**Authorization endpoint**| ```https://sandbox.orcid.org/oauth/authorize``` |
+    |**Token endpoint**| ```https://sandbox.orcid.org/oauth/token``` |
+    |**access token location**| Authorization header w/Bearer prefix |
+    |**OAuth Client ID**| ```[APP-*****************]```<br>(Demo client ID created for this tutorial) |
+    |**OAuth Client Secret**| ```0000000-0000-0000-0000-000000000000```<br>(Your own client secret created earlier - do not share API client secrets!) |
 
 3. In the **Step 2 Exchange authorization code for tokens** section at left, click **Exchange authorization code for tokens**<br>
 <img src="../images/04-3_exchange-code.png" width="400" alt="Google OAuth Playground exchanging authorization code for access token" />
-4. Your Access Token and Authenticated iD will appear **Request/Response** section at right.<br>
+4. Your access aoken and Authenticated iD will appear **Request/Response** section at right.<br>
 <img src="../images/04-3_token-response.png" width="600" alt="Google OAuth Playground json response for an access token request" /> <!--update with XML-->
 
-_**Important!** Keep the Google OAuth Playground open so that you don't lose the configurations you have made in the steps above. You can also save the URL that allows you to initialize the playground with these configurations (to get the URL, click the link icon next to the gear icon in the upper right corner)._
+_**Important!** Keep the Google OAuth Playground open so that you don't lose the configurations you have made in the steps above. You can also save the URL that allows you to initialize the Playground with these configurations (to get the URL, click the link icon next to the gear icon in the upper right corner)._
 
-Once you have gone through this process to obtain the token, this is all that you need to do further api calls for this ORCID and for these permissions. If you want to make calls for another ORCID or you want to write to a record where before you have only read for example, then you will need to complete the process again and get a new token.
-=======
+Once you have gone through this process to obtain the token, this is all that you need to do further API calls for this ORCID and for these permissions. If you want to make calls for another ORCID or you want to write to a record where before you have only read for example, then you will need to complete the process again and get a new access token.
 
-**Save this token**
 
-It is important to save the token you received in the step above as you can easily create any calls you need to make with it. If you loose the token you will have to go through the whole process above again. 
+**Save this token**
 
-Once you have gone through this process once and you have the token this is all that you need to do further api calls for this ORCID and for these permissions. If you want to make calls for another ORCID or you want to write to a record where before you have only read for example, then you will need to complete the process again and get a new token.
+It is important to save the token you received in the step above as you can easily create any calls you need to make with it. If you lose the token you will have to go through the whole process above again.