Claim·Untested·2605.00001

Claim origin-agnostic-oauth

The ORCID sign-in flow on rrxiv.com works correctly whether the user arrives at the apex (rrxiv.com) or the www subdomain. The server threads the redirect_uri per request from the web client's POST body rather than reading a static ORCID_REDIRECT_URI env var, so the authorize-step URI and the token-exchange-step URI are byte-identical regardless of which origin the browser was on when the user clicked sign-in. This is the property RFC 6749 §4.1.3 requires.
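One way to check the property claimed above, as an added example that is not rrxiv's own code: the server takes redirect_uri from each request, accepts it only on exact match against an allowlist, and refuses the token exchange if it differs from the value used at the authorize step. The function names, the callback path, the session object and the allowlist are assumptions made for this sketch; the page does not say how the server validates the client-supplied value.

```javascript
// Added illustration; every name here is hypothetical, not rrxiv's implementation.
// Assumed callback path "/auth/orcid/callback"; one allowlist entry per served origin.
const ALLOWED_REDIRECT_URIS = new Set([
  "https://rrxiv.com/auth/orcid/callback",
  "https://www.rrxiv.com/auth/orcid/callback",
]);
const AUTHORIZE_ENDPOINT = "https://orcid.org/oauth/authorize";

// Exact string comparison, no normalisation: the value must survive byte-for-byte.
function checkRedirectUri(candidate) {
  if (typeof candidate !== "string" || !ALLOWED_REDIRECT_URIS.has(candidate)) {
    throw new Error("redirect_uri not in allowlist");
  }
  return candidate;
}

// Step 1: the web client POSTs the redirect_uri built from its own origin.
function beginSignIn(postBody, session, clientId, state) {
  const redirectUri = checkRedirectUri(postBody.redirect_uri);
  session.oauth = { state, redirectUri }; // remembered for the exchange step
  const q = new URLSearchParams({
    client_id: clientId, response_type: "code", scope: "/authenticate",
    redirect_uri: redirectUri, state,
  });
  return `${AUTHORIZE_ENDPOINT}?${q}`;
}

// Step 2: form body for the token exchange (RFC 6749 section 4.1.3).
function buildTokenRequest(postBody, session, clientId, clientSecret) {
  const redirectUri = checkRedirectUri(postBody.redirect_uri);
  const pending = session.oauth;
  if (!pending || postBody.state !== pending.state) throw new Error("state mismatch");
  if (redirectUri !== pending.redirectUri) throw new Error("redirect_uri differs from authorize step");
  delete session.oauth; // single use
  return new URLSearchParams({
    client_id: clientId, client_secret: clientSecret, grant_type: "authorization_code",
    code: postBody.code, redirect_uri: redirectUri,
  }).toString();
}

// Constructed run: same code path from either origin; true means both steps agree.
function demo(origin) {
  const session = {}, uri = origin + "/auth/orcid/callback";
  const authUrl = beginSignIn({ redirect_uri: uri }, session, "APP-PLACEHOLDER", "s1");
  const body = buildTokenRequest({ redirect_uri: uri, code: "c1", state: "s1" }, session, "APP-PLACEHOLDER", "secret-placeholder");
  return new URL(authUrl).searchParams.get("redirect_uri") === new URLSearchParams(body).get("redirect_uri");
}
console.log(demo("https://rrxiv.com"), demo("https://www.rrxiv.com"));
```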

Knowledge graph

No claim-graph edges declared for this claim yet.

Discussion

No replications, contradictions, or comments registered yet for this claim.
