Disclaimer: This website requires Please enable JavaScript in your browser settings for the best experience.

Dev guideUser Guides
HomeDev guideRecipesAPI Reference
Dev guideUser GuidesLegal TermsNuGetDev CommunityOptimizely AcademySubmit a ticketLog In
Dev guide
Legal TermsNuGetDev CommunityOptimizely AcademySubmit a ticket

Generic OIDC provider

How to authenticate using a generic OIDC provider.

Suggest Edits

To use an external (generic) OIDC provider, you must configure the OIDC config to verify the JWT token. You need a seperate key for configuring the OIDC endpoints. Contact Optimizely Support to request your key.

  1. Send a PUT request to the OIDC config URL: https://cg.optimizely.com/api/config/oidc with epi-hmac or basic authorization header.

    curl -XPUT \
  -H 'Authorization: Basic {appKey}:{secret}' \
  -d '{
    "issuer": "{your_issuer}",
    "audience": "{your_audience}",
  }' https://cg.optimizely.com/api/config/oidc

    {
    "issuer": "{your_issue}",
    "audience": "{your_audience}",
}

  2. After you authenticate, your JWT payload should have issuer and audience claims.

    {
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022,
  "iss": "{your_issuer}",
  "audience": "{your_audience}"
}

  3. Send your GQL query to the query endpoint with your JWT token.

    curl -XPOST \
  -H 'Authorization: Bearer {jwt_token}' \
  -d '{query}' \
  https://cg.optimizely.com/content/v2?tenant_id={your_turnstile_tenant_id}

Updated about 19 hours ago