Task #8746
Story #8234: Use University of Kansas ORCID membership to support authentication in production environment
Require email address from user when logging in via ORCID
0%
Description
By switching to the ORCID member API, we can make attribute requests during the authentication process, asking for information only accessible to trusted organizations. This allows us to ask for a user's email address, even if it has been set to trusted (whereas now we only see the user's public address). This will allow us to ensure that we have a valid email address for all logins. If a user has set their email to 'only me' in their ORCID profile, then we should deny the login and indicate that they need to make their email available to trusted orgs for login to work. See: https://support.orcid.org/hc/en-us/articles/360006897614
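A sketch of the login check described above, as an added example rather than code from this project. The field names (`email`, `visibility`, `primary`, `verified`) and the `PUBLIC`/`LIMITED`/`PRIVATE` values are assumed to follow the ORCID v3.0 email record; the function name, denial message and sample records are constructed for illustration.

```python
import json

# Visibility levels a member-API client is expected to see (assumed values):
# PUBLIC = everyone, LIMITED = trusted parties. "Only me" (PRIVATE) addresses
# are not released, so such a user typically yields an empty email list.
RELEASED = {"PUBLIC", "LIMITED"}

DENY_MESSAGE = (
    "Login denied: no email address was released by ORCID. Set your email "
    "visibility to 'trusted parties' or 'everyone' in your ORCID profile."
)

def login_decision(email_record):
    """Return (True, email) if a usable address was released, else (False, message)."""
    entries = email_record.get("email") or []
    usable = [
        e for e in entries
        if isinstance(e, dict)
        and isinstance(e.get("email"), str) and "@" in e["email"]
        and str(e.get("visibility", "")).upper() in RELEASED
    ]
    if not usable:
        return (False, DENY_MESSAGE)
    # Illustrative preference: primary address first, then verified ones.
    usable.sort(key=lambda e: (not e.get("primary"), not e.get("verified")))
    return (True, usable[0]["email"].strip())

# Constructed sample records (not real ORCID data).
TRUSTED_ONLY = json.loads("""{"email": [
  {"email": "a.researcher@example.edu", "visibility": "LIMITED",
   "verified": true, "primary": true}]}""")
MIXED = json.loads("""{"email": [
  {"email": "old@example.org", "visibility": "PUBLIC",
   "verified": true, "primary": false},
  {"email": "a.researcher@example.edu", "visibility": "LIMITED",
   "verified": true, "primary": true}]}""")
ONLY_ME = json.loads('{"email": []}')
# Defensive case: an entry marked PRIVATE must never be accepted.
PRIVATE_LEAK = json.loads("""{"email": [
  {"email": "hidden@example.org", "visibility": "PRIVATE",
   "verified": true, "primary": true}]}""")

if __name__ == "__main__":
    for name, rec in [("trusted", TRUSTED_ONLY), ("mixed", MIXED),
                      ("only-me", ONLY_ME), ("private", PRIVATE_LEAK)]:
        print(name, login_decision(rec))
```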