Getting Started with Clever SSO
The main flavor of SSO at Clever is OAuth 2.0. This guide will serve to illustrate key steps in the authorization grant flow of OAuth 2.0 with Clever.
This guide will be helpful for you if:
- You are just getting started with Clever SSO.
- You're planning on building a District SSO integration or a Library SSO/Rostering integration.
- You are not familiar with OAuth 2.0 authorization grant flow.
- You have access to a command line with cURL.
- You are not hosting anything at https://localhost:3000 in your local environment.
Not what you're looking for?
- For a more in-depth guide of the OAuth/OIDC authorization grant flow with Clever, see this example walkthrough
- For a SAML guide, see this documentation
Generating a Code
The authorization grant flow of OAuth 2.0 kicks off when a user initiates SSO. This happens when a user clicks on an SSO icon in the Clever Portal or a "Log in with Clever" button on your website. In the first stage of the SSO process, an authorization code is sent to the provided 'redirect_uri' once a user has authenticated with Clever. To generate this code, click the link below and proceed through the rest of the guide.
Clear existing Clever sessions.
Before you get started, ensure that you do not have any existing Clever sessions in your browser. For the best experience, we recommend using a private/incognito browser.
Enter the following credentials:
- Username: [email protected]
- Password: clever
Upon authentication, you will be redirected to a localhost address. You will see an authorization code appended in the browser URL bar.
An authorization code appended to a redirect URI. This represents the first step in the authorization grant flow of OAuth 2.0.
Redeeming an access token
Drop this code into the cURL command below where it says ENTER_CODE_HERE. Be sure to leave the double quotes. Notice that the authorization header already includes credentials formatted as seen below:
Authorization: Basic " + Base64.encode(client_id + ":" + client_secret)
curl --request POST \
--url https://clever.com/oauth/tokens \
--header 'Authorization: Basic MDk1YjgyY2JiZDhjNjg3MTRkMWM6NGIzMzg0ODljZWI0YmVjMzYyNDYxYTdjOTZlM2FhNjA5ZWZmZjA0OQ==' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '
{
"code": "ENTER_CODE_HERE",
"grant_type": "authorization_code",
"redirect_uri": "https://localhost:3000"
}
'
Run your cURL command. You should receive an access token as seen below:
An access token that is retrieved from the Clever /tokens endpoint using a POST call with the authorization code.
Grabbing user data with your token
This token can be used to grab user data. As seen below, you can drop your token into the cURL command below where it says ENTER_TOKEN_HERE. This makes a call to the /me endpoint.
curl --request GET \
--url https://api.clever.com/v3.0/me \
--header 'Authorization: Bearer ENTER_TOKEN_HERE' \
--header 'accept: application/json'
The response should look something like this:
Want to test using Postman?
Check out our collection here.
What's Next?
You've now stepped through a basic OAuth SSO flow with Clever. Next, you will want to determine if District SSO or Library SSO (or both) is the best fit for your needs. Please refer to https://dev.clever.com/docs/sso-overview to determine this. Once you have decided, you can move on to one of the next pages.
Updated 19 days ago