Add orcid extension

[alvgaona]

Description

Search researchers and access your ORCID profile directly from Raycast.

Features

• Copy ORCID - Copy your ORCID iD to clipboard
• Copy Name - Copy your name from ORCID profile
• Open My Profile - Open your ORCID profile in browser
• Find Researchers - Search for researchers by name with affiliation details

Setup

Users need to register for ORCID API credentials at orcid.org/developer-tools and configure their Client ID and Client Secret in extension preferences.

Screencast

Checklist

• I read the extension guidelines
• I read the documentation about publishing
• I ran npm run build and tested this distribution build in Raycast
• I checked that files in the assets folder are used by the extension itself
• I checked that assets used by the README are placed outside of the metadata folder

[raycastbot]

Congratulations on your new Raycast extension! 🚀

We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 10-15 business days.

Once the PR is approved and merged, the extension will be available on our Store.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds a new ORCID extension enabling researchers to access their ORCID profiles and search for other researchers directly from Raycast. The extension properly removed the manual Preferences interface following previous feedback and now relies on auto-generated types.

Key changes:

• Implemented OAuth authentication flow with PKCE client
• Added four commands: Copy ORCID iD, Copy Name, Open Profile, and Find Researchers
• Search functionality with Lucene query syntax for finding researchers
• Proper error handling and user feedback throughout
• Complete documentation with setup instructions

Issues found:

• OAuth implementation mixes PKCE client with traditional client_secret flow but doesn't include required PKCE code_verifier parameter - needs verification that ORCID API supports this hybrid approach
• Minor branding inconsistency in action title capitalization

Confidence Score: 3/5

• This PR has a potential OAuth implementation issue that needs clarification before merging
• The extension is well-structured with proper error handling, documentation, and follows Raycast conventions. However, the OAuth flow uses OAuth.PKCEClient but implements a traditional OAuth flow with client_secret without including the PKCE code_verifier parameter. This hybrid approach needs verification - if ORCID doesn't support PKCE properly, the implementation may fail or be insecure.
• Pay close attention to extensions/orcid/src/oauth.ts - verify the OAuth flow works correctly with ORCID's API

Important Files Changed

Filename	Overview
extensions/orcid/src/oauth.ts	OAuth implementation with PKCE flow and token management, uses auto-generated Preferences type
extensions/orcid/src/types.ts	Only contains OrcidTokenResponse interface, manual Preferences interface removed
extensions/orcid/src/search-orcid.tsx	Search UI with Lucene query builder and researcher list view

[greptile-apps]

_{3 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{3 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

PKCE flow doesn't need client_secret in token exchange - you're using OAuth.PKCEClient which is designed to work without client secrets. Including it here contradicts the PKCE security model.

Suggested change

	const response = await fetch(`${getAuthBaseUrl()}/oauth/token`, {
	method: "POST",
	headers: {
	"Content-Type": "application/x-www-form-urlencoded",
	Accept: "application/json",
	},
	body: new URLSearchParams({
	client_id: prefs.clientId,
	client_secret: prefs.clientSecret,
	grant_type: "authorization_code",
	code: authorizationCode,
	}).toString(),
	});
	const response = await fetch(`${getAuthBaseUrl()}/oauth/token`, {
	method: "POST",
	headers: {
	"Content-Type": "application/x-www-form-urlencoded",
	Accept: "application/json",
	},
	body: new URLSearchParams({
	client_id: prefs.clientId,
	grant_type: "authorization_code",
	code: authorizationCode,
	code_verifier: authRequest.codeVerifier,
	}).toString(),
	});

[greptile-apps]

Using OAuth.PKCEClient but not including code_verifier in token exchange. PKCE requires the code verifier to be sent. Check if ORCID API supports PKCE - if not, this flow mixing client_secret with PKCE is incorrect.

If ORCID doesn't support PKCE, remove client_secret from preferences and properly implement PKCE by including:

code_verifier: authRequest.codeVerifier,
redirect_uri: authRequest.redirectURI,

If ORCID doesn't support PKCE at all, consider using a traditional OAuth client instead of PKCEClient.

[greptile-apps]

Inconsistent capitalization - should be "Copy ORCID iD" to match branding used elsewhere in the extension (see copy-orcid.ts:8)

Suggested change

	title="Copy Orcid"
	title="Copy ORCID iD"

[0xdhrv]

issue: metadata image style

Could you make sure that the metadata images use the same background/appearance as the rest to maintain the same visual expression?

Reference:

• https://developers.raycast.com/basics/prepare-an-extension-for-store#screenshots

[0xdhrv]

issue: metadata image style

Could you make sure that the metadata images use the same background/appearance as the rest to maintain the same visual expression?

Reference:

• https://developers.raycast.com/basics/prepare-an-extension-for-store#screenshots

[0xdhrv]

Minor feedback and comments