Authentication with OIDC for Optimizely Graph
Learn why Graph uses Opti ID and how to configure Opti ID
Optimizely Graph supports OpenID Connect (OIDC) authentication through Opti ID, Optimizely’s unified identity platform. This provides secure, standards-based access to content APIs and simplifies identity management across services.
Why Optimizely Graph uses Opti ID authentication
Optimizely Graph uses OIDC with Opti ID to provide flexible and secure access control. This approach offers several benefits for developers and organizations:
- Centralized identity – Authenticate users and services through a single identity provider.
- Standards-based security – Use OAuth 2.0-based OIDC for token authentication.
- Granular access – Control access with roles and claims in JWTs.
- SSO support – Let users sign in with shared credentials across Optimizely products.
- Modern architecture – Align with Optimizely’s composable, future-ready identity model.
How authentication works in Graph
Graph authorizes access based on JWTs issued by Opti ID or a federated identity provider.
- Authorization header – Pass the token in the Authorization: Bearer header.
- Claims-based access – Graph uses claims like sub, cg-roles, and email to determine access.
- Scope enforcement – Access is allowed or denied based on roles and scopes in the token.
Configure authentication with Opti ID
Configure SSO, assign roles, and use issued tokens in Graph API requests.
- Configure SSO in Opti ID – Configure OIDC-based SSO with your identity provider.
- Assign user roles – Embed roles like cg-editor or cg-admin in the token’s cg-roles claim to control access.
- Use the token in API requests – Include the JWT in the Authorization header to authenticate Graph queries.
curl -X POST "https://cg.optimizely.com/content/v2" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"query": "{ Article { items { title } } }"}'
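
A client-side preflight for the steps above, as an added example that is not Optimizely's code: it decodes a token's payload and checks the sub, cg-roles and exp claims before the token is sent in the Authorization header. The function names, the shape of cg-roles (array or delimited string) and the sample token are assumptions constructed for illustration; the signature is not verified here, so this is a diagnostic and not an authorization decision.

```python
import base64
import json
import time


def _b64url(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(_b64url(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def roles_of(claims: dict) -> set:
    # Assumption: cg-roles is a JSON array or a space/comma separated string.
    raw = claims.get("cg-roles", [])
    if isinstance(raw, str):
        raw = raw.replace(",", " ").split()
    return {r for r in raw if isinstance(r, str)} if isinstance(raw, list) else set()


def preflight(token: str, required_role: str, now=None, min_lifetime=30) -> list:
    """Return problems found in the claims the page says Graph relies on."""
    now = time.time() if now is None else now
    claims = read_claims(token)
    problems = []
    if not claims.get("sub"):
        problems.append("missing sub")
    exp = claims.get("exp")  # standard JWT expiry claim (RFC 7519)
    if not isinstance(exp, (int, float)) or exp - now < min_lifetime:
        problems.append("missing, expired or expiring exp")
    if required_role not in roles_of(claims):
        problems.append(f"cg-roles lacks {required_role}")
    return problems


def _enc(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token: made-up claims and a placeholder signature.
SAMPLE = ".".join([_enc({"alg": "RS256", "typ": "JWT"}),
                   _enc({"sub": "user-1", "email": "editor@example.com",
                         "cg-roles": ["cg-editor"], "exp": 2000000000}),
                   "c2lnbmF0dXJl"])
```

An empty list from preflight means the claims look usable for the requested role; a non-empty list names what to fix in Opti ID or the identity provider before retrying the request.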
