HomeDev guideAPI Reference
Dev guideUser GuideGitHubNuGetDev CommunitySubmit a ticketLog In
GitHubNuGetDev CommunitySubmit a ticket

Generic OIDC provider

How to authenticate using a generic OIDC provider.

To use an external (generic) OIDC provider, you need to set up the OIDC config to verify the JWT token:

  1. Send a PUT request to the OIDC config url: https://cg.optimizely.com/api/config/oidc with epi-hmac or basic authorization header:

    curl -XPUT \
      -H 'Authorization: Basic {appKey}:{secret}' \
      -d '{
        "issuer": "{your_issue}",
        "audience": "{your_audience}",
      }' https://cg.optimizely.com/api/config/oidc
        "issuer": "{your_issue}",
        "audience": "{your_audience}",
  2. After you authenticate, your JWT payload should have issuer and audience claims:

      "sub": "1234567890",
      "name": "John Doe",
      "iat": 1516239022,
      "iss": "{your_issuer}",
      "audience": "{your_audience}"
  3. Send your GQL query to the query endpoint with your JWT token:

    curl -XPOST \
      -H 'Authorization: Bearer {jwt_token}' \
      -d '{query}' \