feat: Clerk as an OpenID Connect provider #1968
Hey, here’s your docs preview: https://clerk.com/docs/pr/1968
72c6cad to 4727518
|
||
In order to make your Clerk instance operate as an OAuth 2.0 provider, create an OAuth application in the Clerk Dashboard. Then, configure the client to work with your Clerk instance, using the necessary data from your Clerk OAuth application. | ||
In order to make your Clerk instance operate as a provider, create an OAuth application in the Clerk Dashboard. Then, configure the client to work with your Clerk instance, using the necessary data from your Clerk OAuth application. |
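Review bot: In the replacement sentence, "operate as a provider" no longer says what kind of provider is meant, while the same sentence still tells the reader to create an "OAuth application". Name the protocols explicitly, for example "operate as an OAuth 2.0 and OpenID Connect provider", so the intro matches the PR title and the reader knows which client settings apply.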
🙃 Wouldn't it be better to switch this part to "steps"?
I believe here we just describe at a high level what you need to do in order to make this work: to create an OAuth application (IdP) and then use the information to configure the client (SP).
docs/advanced-usage/clerk-idp.mdx
Outdated
@@ -75,6 +76,42 @@ The `/oauth/userinfo` endpoint provides the following user properties, depending | |||
| `private_metadata` | The private metadata of the user | | |||
| `unsafe_metadata` | The unsafe metadata of the user | | |||
|
|||
### ID Token | |||
|
|||
The ID Token is a regular JSON Web Token (JWT) that contains user profile information. After a user successfully authenticates using the OpenID Connect flow, they receive an ID Token along with other tokens. |
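Review bot: In the second sentence of the new "ID Token" paragraph, "they receive an ID Token" makes the user the recipient, but in an OpenID Connect flow the tokens are returned to the client application. Reword to something like "the client receives an ID token along with the access token", and name the tokens instead of "other tokens" so readers know what to expect in the token response.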
I don't think we need to capitalize T in the sentence.
The ID Token is a regular JSON Web Token (JWT) that contains user profile information. After a user successfully authenticates using the OpenID Connect flow, they receive an ID Token along with other tokens. | |
The ID token is a regular JSON Web Token (JWT) that contains user profile information. After a user successfully authenticates using the OpenID Connect flow, they receive an ID token along with other tokens. |
As far as I can see, in the spec they capitalize the T as they do for Access Tokens and Refresh Tokens.
what spec?
c6558c7 to 5349058
docs/advanced-usage/clerk-idp.mdx
Outdated
|
||
The ID token is a JWT (JSON Web Token) that contains standard JWT claims as defined in RFC 7519, as well as additional custom claims that represent the authenticated user's profile information. The token is signed using your instance's private key and can be verified using the corresponding public key. | ||
|
||
{/* TODO: How do they use the public key to validate the token? */} |
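Review bot: The TODO on the last added line is still open, and the paragraph above it says the token "can be verified using the corresponding public key" without saying where that key is published or what else a client must check. Resolve it before merge, either with a sentence pointing to the instance's JWKS endpoint and the claims to validate, or with a link to an existing page on verifying instance-signed JWTs, and remove the comment.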
They can validate it as any other regular JWT that has been generated and signed by their instance, for example the Clerk session token. You can obtain the instance public key from the JWKS endpoint. I believe we don't need to add any additional information on how to do it. Maybe a link to a page that describes how to verify their instance JWT is enough.