Diffstat (limited to 'python/fatcat_web')
-rw-r--r--python/fatcat_web/__init__.py8
-rw-r--r--python/fatcat_web/auth.py7
-rw-r--r--python/fatcat_web/templates/auth_login.html10
3 files changed, 13 insertions, 12 deletions
diff --git a/python/fatcat_web/__init__.py b/python/fatcat_web/__init__.py
index 6e285ddb..ba789609 100644
--- a/python/fatcat_web/__init__.py
+++ b/python/fatcat_web/__init__.py
@@ -8,7 +8,7 @@ from flask_wtf.csrf import CSRFProtect
from flask_misaka import Misaka
from flask_mwoauth import MWOAuth
from authlib.flask.client import OAuth
-from loginpass import create_flask_blueprint, Gitlab, GitHub
+from loginpass import create_flask_blueprint, Gitlab, GitHub, ORCiD
from raven.contrib.flask import Sentry
import fatcat_client
@@ -74,9 +74,9 @@ app.register_blueprint(mwoauth.bp, url_prefix='/auth/wikipedia')
from fatcat_web import routes, editing_routes, auth, cors, forms
# TODO: blocking on ORCID support in loginpass
-#if Config.ORCID_CLIENT_ID:
-# orcid_bp = create_flask_blueprint(ORCID, oauth, auth.handle_oauth)
-# app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
+if Config.ORCID_CLIENT_ID:
+ orcid_bp = create_flask_blueprint(ORCiD, oauth, auth.handle_oauth)
+ app.register_blueprint(orcid_bp, url_prefix='/auth/orcid')
if Config.GITLAB_CLIENT_ID:
gitlab_bp = create_flask_blueprint(Gitlab, oauth, auth.handle_oauth)
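Review bot: The comment `# TODO: blocking on ORCID support in loginpass` directly above the now-active `if Config.ORCID_CLIENT_ID:` block is stale once this code is enabled. Drop it or replace it with a description of what the block does, for example `# ORCiD login via OpenID Connect (loginpass backend)`. The blueprint is registered whenever `ORCID_CLIENT_ID` is set; if the matching client secret is configured separately (not visible in this hunk), a one-line comment naming both settings would help whoever deploys this.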
diff --git a/python/fatcat_web/auth.py b/python/fatcat_web/auth.py
index 44a03f5f..06c8475b 100644
--- a/python/fatcat_web/auth.py
+++ b/python/fatcat_web/auth.py
@@ -54,10 +54,15 @@ def handle_oauth(remote, token, user_info):
# not sure all loginpass backends will set it
if user_info.get('preferred_username'):
preferred_username = user_info['preferred_username']
+ elif 'orcid.org' in iss:
+ # as a special case, prefix ORCiD identifier so it can be used as a
+ # username. If we instead used the human name, we could have
+ # collisions. Not a great user experience either way.
+ preferred_username = 'i' + user_info['sub'].replace('-', '')
else:
preferred_username = user_info['sub']
- params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, user_info['preferred_username'])
+ params = fatcat_client.AuthOidc(remote.name, user_info['sub'], iss, preferred_username)
# this call requires admin privs
(resp, http_status, http_headers) = priv_api.auth_oidc_with_http_info(params)
editor = resp.editor
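Review bot: The new `elif 'orcid.org' in iss:` branch decides on a substring of the issuer, so any issuer value that merely contains that text takes the ORCiD path. An exact comparison on the parsed host, e.g. `elif urlparse(iss).hostname == 'orcid.org':` (with `from urllib.parse import urlparse`), or a check on `remote.name`, would be stricter. `iss` is assigned above the hunk, so how far it is controlled by the identity provider cannot be seen here. The derived name `'i' + sub` also shares a namespace with `preferred_username` values supplied by the other providers. Whether the backend rejects a clash is not visible in this hunk, so a comment stating that assumption next to the branch would help. handle_oauth starts and ends outside the hunk.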
diff --git a/python/fatcat_web/templates/auth_login.html b/python/fatcat_web/templates/auth_login.html
index 6e9b1f15..85e33d79 100644
--- a/python/fatcat_web/templates/auth_login.html
+++ b/python/fatcat_web/templates/auth_login.html
@@ -37,21 +37,17 @@ Note that currently editor accounts are locked 1-to-1 with external identities.
</div>
{% endif %}
-{# not implemented in login pass yet #}
{% if config.ORCID_CLIENT_ID %}
-{# <a href="/auth/orcid/login"> #}
+<a href="/auth/orcid/login">
<div class="ui segment attached">
<h2 class="ui header">
- {# <img src="/static/orcid_icon.png" style="width: 1.5em;"> #}
- <i class="grey times circle icon"></i>
+ <img src="/static/orcid_icon.png" style="width: 1.5em;">
<div class="content">
ORCiD
- {# <div class="sub header">via OpenID Connect</div> #}
- <div class="sub header">not implemented yet</div>
+ <div class="sub header">via OpenID Connect</div>
</div>
</h2>
</div>
-{# </a> #}
{% endif %}
{% if config.WIKIPEDIA_CLIENT_ID %}
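Review bot: The `<a href="/auth/orcid/login">` opened by the new line is never closed. The commit removes the commented-out `{# </a> #}` after the segment's closing `</div>` but adds no live `</a>`, so the anchor stays open into the following provider blocks and the clickable area depends on how each browser recovers. Add `</a>` on the line just before the ORCiD block's `{% endif %}`.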