Hub Administrator Managing Access token store

[rpaw053]

As a Hub Administrator, I want to manage privileges to the store of access tokens for larger research organisations, So that they can make use of Access token in future to present them to ORCID to interact with their researchers’ ORCID profiles

[ORCIDHUB-18] created by rpaw053

[rpaw053]

The privileges can be managed through DB constraints and through Code, Simple API can be written if needed.

by rpaw053

[rpaw053]

If that "make use of Access token in future" has an implicit "through the ORCID Hub" then totally. If it's download a copy of my researchers tokens for my other integration, then would disagree as I'm not sure it's desirable for RO Admins to be able to interact directly with tokens.
Remember each Member has 5 sets of credentials, so rather then increasing the attack surface of the token store, we could sensibly recommend/insist that orgs wanting tokens for their own integrations get direct permission. This would make privacy sense too.

by jgus614

[rpaw053]

Hmmn, I'm reminded that Govt Org's under one of the open govt or data frameworks would need this facility.

Should the hub ever shut down (forbid), there has to be a mechanism for the Orgs to get their access tokens out.

by jgus614

[rpaw053]

Edited task to make clear that the access is given by the Hub Admin, and this is resolved.

GH-31 describes the store, the "Can Use Api" flag enforced privilege

by jgus614