drio
Launch And AccessAuth Providers

Clerk

Configure Clerk as a delegated OAuth provider for protected drio tools.

Use Clerk when your product already uses Clerk for user management and your drio app should access protected systems as the signed-in user.

What You Need From Clerk

  • your Clerk Frontend API URL
  • authorization endpoint
  • token endpoint
  • client ID
  • client secret, when required
  • scopes
  • the drio callback URL

Clerk documents OAuth application setup in How Clerk implements OAuth and its OAuth SSO setup guide in Use OAuth for Single Sign-On.

Find Your Clerk OAuth URLs

In Clerk, open:

Clerk Dashboard -> Configure -> OAuth applications -> your OAuth application

Use the OAuth URLs shown in the application settings. Clerk also exposes authorization server metadata from your Frontend API URL:

https://YOUR_FRONTEND_API_URL/.well-known/oauth-authorization-server

For a development instance, the Frontend API URL usually looks like:

https://verb-noun-00.clerk.accounts.dev

For a production instance, it can use your Clerk production domain:

https://clerk.example.com

Clerk's metadata document includes the authorize and token URLs. They usually follow this shape:

https://YOUR_FRONTEND_API_URL/oauth/authorize
https://YOUR_FRONTEND_API_URL/oauth/token

Configure The drio Preset

In drio, create a Clerk OAuth auth config and replace the placeholder domain with your Clerk Frontend API URL or the exact URLs shown in Clerk.

drio FieldClerk Value
Authorization endpointhttps://YOUR_FRONTEND_API_URL/oauth/authorize
Token endpointhttps://YOUR_FRONTEND_API_URL/oauth/token
Client IDClerk OAuth client ID
Client secretClerk OAuth client secret, if required
Scopesopenid, profile, email

Clerk currently supports the openid, profile, email, public_metadata, and private_metadata OAuth scopes. Use the smallest scope set your protected tool needs.

Configure Callback URLs In Clerk

Add the drio callback URL shown in the auth config to the allowed redirect URLs for the Clerk OAuth application.

If the client should use PKCE without a client secret, configure the Clerk OAuth application as a public client. Otherwise, save the client secret when Clerk shows it; Clerk does not show that secret again after creation.

Test Sign-In

If sign-in fails, check:

  • the Clerk Frontend API URL in drio matches the Clerk environment you are using
  • the callback URL is allowed in Clerk
  • the scopes in drio are allowed by the Clerk OAuth application
  • the client secret setting matches the Clerk application configuration

Amazon Cognito

Configure Amazon Cognito as a delegated OAuth provider for protected drio tools.

WorkOS

Configure WorkOS as a delegated OAuth provider for protected drio tools.