HomeDev guideRecipesAPI ReferenceGraphQL
Dev guideUser GuideGitHubNuGetDev CommunitySubmit a ticketLog In
GitHubNuGetDev CommunitySubmit a ticket

Generic provider

How to authenticate using a generic OIDC provider.

To use an external (generic) OIDC provider, you need to set up the OIDC config to verify the JWT token:

  1. Send a PUT request to the OIDC config url: https://cg.optimizely.com/api/config/oidc with epi-hmac or basic authorization header:

    curl -XPUT \
      -H 'Authorization: Basic {appKey}:{secret}' \
      -d '{
        "issuer": "{your_issue}",
        "audience": "{your_audience}",
      }' https://cg.optimizely.com/api/config/oidc
    
    {
        "issuer": "{your_issue}",
        "audience": "{your_audience}",
    }
    
  2. Once authenticated, your JWT payload should have issuer and audience claims:

    {
      "sub": "1234567890",
      "name": "John Doe",
      "iat": 1516239022,
      "iss": "{your_issuer}",
      "audience": "{your_audience}"
    }
    
  3. Send your GQL query to the query endpoint with your JWT token:

    curl -XPOST \
      -H 'Authorization: Bearer {jwt_token}' \
      -d '{query}' \
      https://cg.optimizely.com/content/v2/tenant_id={your_turnstile_tenant_id}