Store user access token after login #9

Open
2 tasks
nuest opened this issue Sep 21, 2017 · 0 comments

nuest commented Sep 21, 2017

When we store a user's access token in the session, we could use it later on.

  • Evaluate what "safe and secure" should entail.
  • Check whether this makes sense when only asking for /authenticate because according to the scope documentation

From the ORCID documentation: https://members.orcid.org/api/integrate/orcid-sign-in

ORCID will then return the researcher’s verified ORCID iD and an access token, along with the refresh token, scope(s), name on the ORCID record, and token expiry. An example response:

   {"access_token":"f5af9f51-07e6-4332-8f1a-c0c11c1e3728","token_type":"bearer",
   "refresh_token":"f725f747-3a65-49f6-a231-3e8944ce464d","expires_in":631138518,
   "scope":"/authorize","name":"Sofia Garcia","orcid":"0000-0001-2345-6789"}

Store the ORCID iD and access token in your system in a safe and secure manner. Both items will be required to perform any action to their ORCID record: read, write, update. If you are only requesting /authorize access, access tokens can be stored to indicate that the iD has been authenticated, as well as to read public access data.

Use the ORCID iD and access token to read the user’s record and populate their profile in your system: Save users time by allowing them to quickly and easily transfer data from their ORCID records to your system. All you need to do is make a quick call to their record:

  Method: GET
  Content-type: application/vnd.orcid+xml or application/vnd.orcid+json
  Authorization type: Bearer
  Access token: [Stored access token]
  End point: https://api.sandbox.orcid.org/v2.0/[Stored ORCID iD]/record
  Example record XML: GitHub
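
One possible reading of "safe and secure" for the first task, as an added example (not code from this project or from ORCID): encrypt the access token with AES-256-GCM before it goes into the session, bind it to the ORCID iD and expiry, and refuse expired or altered records. Node.js and a server-side session store are assumptions, and `sealToken`, `openToken` and `sessionKey` are hypothetical names.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample: the fields used from the token response quoted above.
const sampleResponse = {
  access_token: 'f5af9f51-07e6-4332-8f1a-c0c11c1e3728',
  expires_in: 631138518,
  orcid: '0000-0001-2345-6789'
};

// Assumption: in production this 32-byte key comes from server-side secret
// storage; it is random here only so the example runs offline.
const sessionKey = nodeCrypto.randomBytes(32);

// The iD and expiry are authenticated (not encrypted) as GCM associated data.
const aadFor = (orcid, expiresAt) => Buffer.from(`${orcid}|${expiresAt}`, 'utf8');

// Encrypt the token and return the record that would be stored in the session.
function sealToken(response, key, nowMs = Date.now()) {
  const expiresAt = nowMs + response.expires_in * 1000;
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every token
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aadFor(response.orcid, expiresAt));
  const ct = Buffer.concat([cipher.update(response.access_token, 'utf8'), cipher.final()]);
  const sealed = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  return { orcid: response.orcid, expiresAt, sealed };
}

// Return the plaintext token, or null if the record is expired, was altered,
// or was copied onto a different ORCID iD.
function openToken(record, key, nowMs = Date.now()) {
  if (nowMs >= record.expiresAt) return null;
  const raw = Buffer.from(record.sealed, 'base64');
  if (raw.length < 28) return null; // 12-byte nonce + 16-byte tag minimum
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(aadFor(record.orcid, record.expiresAt));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM tag check failed
  }
}

// Hypothetical use in a login callback:
//   req.session.orcid = sealToken(tokenResponse, sessionKey);
```

The refresh token in the same response would need the same treatment if it is kept at all.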