Protocol

OpenID Connect SSO for Thinkific

WooNinja SSO supports OpenID Connect for modern, token-based single sign-on. Managed socialite providers for the most widely used enterprise IdPs, plus Generic OIDC support for any standards-compliant provider. PKCE, refresh tokens, and flexible claims mapping included.

Managed OIDC providers

These identity providers are supported natively via dedicated OIDC connectors. Each provider has pre-configured endpoints, scopes, and claims mapping for fast setup.

Okta OIDC
Auth0 OIDC
Microsoft Entra ID
OneLogin OIDC
Salesforce

Generic OIDC support

If your identity provider is not in the managed list, Generic OIDC connectors cover the rest. Two variants are available:

Generic OIDC (standard)

For providers that expose a standard OIDC discovery document at /.well-known/openid-configuration. Configure the issuer URL and client credentials — endpoints, scopes, and JWKS are resolved automatically.

Generic OIDC (Basic Auth)

For providers that require HTTP Basic Authentication at the token endpoint. Supports the same OIDC flows with additional client_id / client_secret credentials passed via the Authorization header.

OIDC features and configuration

PKCE and refresh tokens

OIDC flows use Proof Key for Code Exchange (PKCE) for secure authorization code exchange. Refresh tokens are supported to maintain long-lived sessions without re-authentication. Token expiry and rotation are handled automatically.

Standard claims mapping

Standard OIDC claims (sub, email, name, given_name, family_name) are mapped automatically to Thinkific user fields. Custom claims can be mapped to Thinkific custom profile fields and group membership on a per-connection basis.

User provisioning with OIDC

New users are created in Thinkific on their first OIDC login via firstOrCreate based on the unique identifier from the ID token. Profile data is updated on every subsequent login. Seat limits, enrollment rules, and group assignments are applied as part of the provisioning pipeline.

Per-connection configuration

Each OIDC connection has its own client credentials, scopes, claims mapping rules, and enrollment configuration. Isolate different organisations or Thinkific sites into separate connections with distinct OIDC providers.

Ready to set up OIDC for Thinkific?

We can help you choose the right OIDC flow and configure your provider.

Book a demo