Using OpenID Connect
How to use OpenID Connect with Carta's OAuth workflow
Overview
OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0. It allows you to obtain additional information (called Claim Values) about a user while going through the OAuth 2.0 authorization code flow. The OpenID Connect Basic Client Implementer's Guide gives detailed information about these scopes.
How to Use
You must request these special scopes for OIDC when you register your application (see Registering your Application):
openid: Allows you to call the endpoint
profile: Returns common fields in the id_token
email: Returns email-related fields in the id_token
If your application uses these special scopes, requests you make to the token endpoint will return additional information in our response. The only difference between this and the regular authorization flow is that you will receive an id_token as part of our response. The id_token is a JWT that contains the user claims that you requested via the scopes specified by your application.
OIDC Discovery
If you are using an OIDC-compliant client library, you can configure the OIDC integration automatically by pointing the library to Carta’s OIDC Discovery document (also known as a “well-known endpoint”), which contains additional details about our OIDC configuration. The Discovery document is a JSON document of key-value pairs that outline Carta’s OIDC configuration, including the URIs of the authorization, token, revocation, and userinfo endpoints.
You can retrieve Carta’s OIDC Discovery document here:
GET https://login.app.carta.com/o/.well-known/openid-configuration
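If you consume the Discovery document yourself rather than through a client library, check it before configuring from it. The sketch below is an added example, not Carta's code: it applies the OpenID Connect Discovery rule that the `issuer` value must exactly match the URL the document was fetched under, and requires every endpoint to be an https URI. The sample document is constructed; its issuer is derived from the URL above and its endpoint paths are placeholders, not Carta's real values.

```python
import json
from urllib.parse import urlsplit

DISCOVERY_URL = "https://login.app.carta.com/o/.well-known/openid-configuration"
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL_ENDPOINTS = ("userinfo_endpoint", "revocation_endpoint")

# Constructed sample document. The issuer is assumed from the discovery URL;
# every PLACEHOLDER path is invented for this example.
SAMPLE_DOC = json.dumps({
    "issuer": "https://login.app.carta.com/o",
    "authorization_endpoint": "https://login.app.carta.com/o/PLACEHOLDER-authorize",
    "token_endpoint": "https://login.app.carta.com/o/PLACEHOLDER-token",
    "jwks_uri": "https://login.app.carta.com/o/PLACEHOLDER-jwks",
    "userinfo_endpoint": "https://login.app.carta.com/o/PLACEHOLDER-userinfo",
    "revocation_endpoint": "https://login.app.carta.com/o/PLACEHOLDER-revoke",
})


def expected_issuer(discovery_url):
    """The issuer is the discovery URL with the well-known suffix removed."""
    if not discovery_url.endswith(WELL_KNOWN_SUFFIX):
        raise ValueError("not an OIDC discovery URL")
    return discovery_url[: -len(WELL_KNOWN_SUFFIX)]


def validate_discovery(discovery_url, raw_json):
    """Return the endpoint URIs if the document is safe to configure from."""
    doc = json.loads(raw_json)
    missing = [key for key in REQUIRED if key not in doc]
    if missing:
        raise ValueError(f"missing required metadata: {missing}")
    # Exact string comparison: a mismatched issuer means the document
    # describes a different provider than the one that was asked.
    if doc["issuer"] != expected_issuer(discovery_url):
        raise ValueError("issuer does not match discovery URL")
    endpoints = {}
    for key in REQUIRED[1:] + OPTIONAL_ENDPOINTS:
        if key not in doc:
            continue  # optional endpoint not advertised
        if urlsplit(doc[key]).scheme != "https":
            raise ValueError(f"{key} is not an https URI")
        endpoints[key] = doc[key]
    return endpoints


if __name__ == "__main__":
    for name, uri in validate_discovery(DISCOVERY_URL, SAMPLE_DOC).items():
        print(f"{name}: {uri}")
```

The same issuer string is the value to compare against the `iss` claim when validating an id_token.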