ORCID’s community expects and deserves the highest caliber of security we can offer, so we will begin implementing heightened security protocols for our OAuth integration clients, starting with our 26 September release. This will require an update from some of our users of our public or member APIs to ensure we are able to keep our software up to date with the latest security patches.
If you have an integration that uses our public or member API, we will require exact domains to be registered for the OAuth redirect URIs and will no longer make exceptions for non-matching subdomains.
Not all of our members will be affected by this change, and our engagement team will be in touch shortly with any members who are to provide a list of known redirect URIs used for confirmation.
Though this update will require action on the part of some integrators, rest assured this will be a quick and simple process, and our Support Team will help you through it.