OpenID Connect

Asana also supports the OpenID Connect protocol for authenticating Asana users with your applications. That is, in addition to using code for your response_type in the OAuth flow, you can also use id_token as your response_type.

<!-- User authorization endpoint -->

<a
  href="https://app.asana.com/-/oauth_authorize
?client_id=753482910
&redirect_uri=https://my.app.com
&response_type=id_token
&state=thisIsARandomString
&code_challenge_method=S256
&code_challenge=671608a33392cee13585063953a86d396dffd15222d83ef958f43a2804ac7fb2
&scope=openid"
  >Authenticate with Asana</a
>

OAuth

The OpenID Connect protocol can be initiated during the user authorization step of the overall OAuth flow. For full context, visit our OAuth documentation.


JSON web token

For this response type, you are not granted an access token for the API, but rather given a signed JSON Web Token containing the user's ID along with some metadata. If you want to allow users to log into your services using their Asana account, the OpenID Connect protocol is an ideal way to authenticate an Asana user. To obtain an ID token, you must request the openid scope during the authentication flow.

It is also possible to obtain an ID token alongside an authorization code in the authorization code grant flow by using the (space-delimited) code id_token response type. If you do, the redirect parameters will include the ID token in addition to everything you would normally receive.


UserInfo endpoint

To access additional information about the user in a standardized format, we also expose a user info endpoint that can provide the user's name, email address, and profile photo.

This data is available by making a GET request to https://app.asana.com/api/1.0/openid_connect/userinfo with an OAuth access token that has the openid scope. Depending on the scopes tied to that token, you will receive different pieces of data. Refer to our list of OAuth scopes to determine which additional scopes you need to get the data you want.


Metadata

Metadata about our OpenID Connect implementation is also made available through OpenID Connect's Discovery protocol.

Making an unauthenticated GET request to https://app.asana.com/api/1.0/.well-known/openid-configuration will provide all the details of our implementation necessary for you to use OpenID Connect with Asana's API.