Get Set Up for OIDC
To use OpenID Connect with Clever and receive identity tokens, you must first contact [email protected] to have your application account appropriately configured.
If you are building out an OIDC SSO integration yourself, the implementation will be exactly like that of the OAuth Flow with the key difference being the receipt of an identity token and access to the userinfo endpoint.
One of the benefits of OpenID Connect is that it specifies a standard way for identity providers to share configuration information, which means that connecting with any third-party authentication service only requires providing a few key details.
An OIDC compliant provider such as Clever shares necessary information about their requirements at something called the discovery endpoint. Clever's discovery endpoint is:
Even this endpoint is set up according to a standard format, so in many cases all you need to know is that Clever supports OIDC and the issuer is
The discovery endpoint tells any authentication service where and how to kick off the authentication process, get tokens, and verify the tokens.
Setting up OIDC with most authentication services usually only requires filling out a few fields. This example is for AWS Cognito, but the required fields should be similar for many other providers:
Provider name: this can be anything you'd like to use, but "Clever" makes a lot of sense here!
Client ID: your application's Client ID, found on the Clever application dashboard
Client secret: your application's Client secret. This is required for authenticating with Clever
Attributes request method: Clever supports both POST and GET
Authorize scope: Clever manages scopes through application configuration, so this is not required by Clever. However, some authentication services may still require a value of openid at a minimum
Issuer: this is used to make a call to the discovery endpoint to grab the rest of the information needed to connect with Clever
Updated 10 months ago