Feature Request: CORS/Allowed Origins Configuration for OIDC Provider Implementation #5263
Replies: 2 comments
-
Hi there! We do not actively monitor github discussions for feature requests. Please check out the pinned item for the right place to file your feature request!
-
Hello @jescalan, Thank you for your response, and apologies for submitting this in the wrong place. In my defense, your Discord bot directed me here. I've submitted a new entry in your tracker, but I doubt it will gain much traction. Organizations encountering this issue likely won't be able to trace it back to this specific restriction. Instead, they might conclude that Clerk isn't suited to function as a traditional enterprise IAM solution—which is unfortunate, as it absolutely could be if this configuration option were available.
-
Hi Clerk team,
I'm working on an open-source solution that integrates with various OIDC providers to enable enterprise authentication. Our software is designed to work with any standard OIDC provider (Keycloak, Microsoft Entra ID, Auth0, etc.) through standard OIDC configuration.
Current Limitation:
While Clerk's OIDC implementation supports standard flows (Authorization Code + PKCE) (1), there appears to be no way to configure allowed origins for the token endpoint. This prevents direct integration from SPAs that don't use the Clerk SDK.
Use Case:
Enabling an organization that uses Clerk as their auth provider to instantiate Onyxia (We are not a company, we are public servants). Since we build generic software that must work with any OIDC provider, we cannot include provider-specific SDKs.
Feature Request:
Would it be possible to add an "Allowed Origins" configuration option in the OAuth application settings? This would enable standard CORS support for token endpoints, similar to other OIDC providers, while maintaining security through proper origin validation.
This addition would greatly enhance Clerk's enterprise integration capabilities while maintaining security through proper origin validation.
Thank you for considering this request.
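A sketch of the origin validation that an "Allowed Origins" setting on a token endpoint implies, added here as an illustration; it is not part of the discussion and not Clerk's code. The function names, the `allowedOrigins` parameter and the sample origins are assumptions made for the example.

```javascript
// Added example, not Clerk's code. The function names and the allowedOrigins
// setting are hypothetical; origins used with it are constructed sample values.

// Accept only exact https origins in canonical form (scheme://host[:port]).
function normalizeOrigin(value) {
  if (typeof value !== "string" || value.includes("*")) return null;
  try {
    const u = new URL(value);
    // Rejects paths, trailing slashes, default ports and non-https schemes.
    return u.protocol === "https:" && u.origin === value ? u.origin : null;
  } catch {
    return null; // "null" and other non-URL strings end up here
  }
}

// Decide the CORS part of a token-endpoint response.
// req: { method, headers } with lower-cased header names.
// status is set only when the CORS layer answers by itself (preflight).
function tokenEndpointCors(req, allowedOrigins) {
  const allow = new Set(allowedOrigins.map(normalizeOrigin).filter(Boolean));
  const origin = req.headers["origin"];
  // Vary: Origin keeps caches from replaying one origin's headers to another.
  const headers = { Vary: "Origin" };
  const preflight = req.method === "OPTIONS";

  if (origin === undefined) return { status: null, headers }; // no Origin header sent
  if (!allow.has(origin)) {
    // Exact match only: no suffix, prefix or regex comparison, and the
    // request's Origin is never reflected unless it is on the list.
    return { status: preflight ? 403 : null, headers };
  }

  headers["Access-Control-Allow-Origin"] = origin;
  // A public client using Authorization Code + PKCE sends no cookies to the
  // token endpoint, so Access-Control-Allow-Credentials is deliberately absent.
  if (preflight) {
    headers["Access-Control-Allow-Methods"] = "POST";
    headers["Access-Control-Allow-Headers"] = "Content-Type";
    headers["Access-Control-Max-Age"] = "600";
    return { status: 204, headers };
  }
  return { status: null, headers }; // token handler continues and sets the status
}
```

Misconfigured entries such as `*`, `null` or an origin with a path are dropped when the list is loaded, so a bad setting fails closed rather than opening the endpoint to every origin.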