OpenID Connect (OIDC)

OpenID Connect (OIDC)

WeWorks supports OpenID Connect as an optional authentication provider alongside email/password, OAuth, and SAML.

End-user login

  1. Go to the client login page
  2. Click the OIDC login option
  3. Authenticate with your identity provider
  4. You are redirected back to WeWorks with a session

First-time OIDC users may need an account linked by an administrator.

Admin configuration

Admins configure OIDC at Admin → Authentication:

  1. Select OIDC as the provider type
  2. Enter:
    • Issuer — OIDC well-known configuration URL (e.g. https://login.example.com/.well-known/openid-configuration)
    • Client ID
    • Redirect URI — must match your IdP app registration (typically https://client.yourdomain.com/auth/oidc or similar)
  3. Save the configuration

Requirements

  • Client type must be PUBLIC at the identity provider (browser-based login flow)
  • Redirect URI must exactly match what is registered with the IdP
  • Issuer URL must expose standard OIDC discovery metadata

Removing OIDC

Admins can delete the OIDC configuration from the same authentication settings page. Users will then need to use email/password or another configured provider.

Troubleshooting

ProblemSolution
Account not foundAsk an admin to create/link your WeWorks user to the OIDC subject
Redirect mismatchVerify redirect URI in admin settings matches IdP registration
Login loopCheck API logs; ensure FRONTEND_URL and HTTPS proxy headers are correct
Invalid issuerUse the full well-known URL; test it returns JSON metadata