Oauth Applications for Integrating as Oauth V2 Authentication

[pj1527]

Hey, I need some guidance here.

Context: I am working on creating a zapier integration where I want to use Clerk for authentication. In order to do that, I created an Oauth Application in my Clerk dashboard which got me client_id client_secret and urls such as authorize token userinfo etc.

So in my zapier integration I first use the authorize url to login the user and get a authorization code which is then exchanged immediately using the token url, now I expected the token url to return a jwt access token but it is returning me a non jwt access token.

The idea is to use the access token and use it for authenticating subsequent calls to my backend.

For reference, I am validating the token using a method like the one below:

class ClerkAuthVerifier:
    def __init__(self, clerk_secret: str):
        self.clerk = Clerk(bearer_auth=clerk_secret)

    async def verify_clerk_session(self, request: Request):
        try:
            request_state = self.clerk.authenticate_request(
                request=request,
                options=AuthenticateRequestOptions(
                    audience=["my-backend-api"]
                )
            )

            if not request_state.is_signed_in:
                logger.error(f"Unauthorized: {request_state.message}")
                raise HTTPException(status_code=401, detail=f"Unauthorized: {request_state.message}")

            return request_state
        except Exception as e:
            logger.error(f"Authentication failed: {str(e)}")
            raise HTTPException(status_code=401, detail=f"Authentication failed: {str(e)}")

So is it normal for Clerk to return non jwt access tokens or is there something wrong with my configuration ?
If it is normal, how can I get a jwt token which I can use with my backend ?

[nikevp]

What I ended up doing for now is adding an input field for orgID in the authorization step which gets passed as a header. You can then just validate that that user has access to that orgID. The better long-term approach is to use a computed field that queries for the users organizations but I haven't actually validated that yet.

[pj1527]

Thanks for the response, I actually did something similar