Greenhouse as an OIDC Identity Provider

Greenhouse, as an identity provider

For years, Greenhouse has been an OAuth provider – issuing access tokens that partner apps can use to call our APIs on a user’s behalf. As the partner ecosystem has expanded and customers have asked for richer ways to authenticate downstream tools, the next step has been clear: extend OAuth to OpenID Connect so Greenhouse can identify the user, not just grant API access.

Greenhouse as an OIDC Identity Provider is that extension.

What this enables:

• OIDC discovery endpoint at /.well-known/openid-configuration, so any OIDC-compliant client can discover the Greenhouse endpoints automatically
• JWKS endpoint at /.well-known/jwks.json for signature verification
• ID tokens issued alongside access tokens whenever the openid scope is requested
• /userinfo endpoint with an MVP claim set for OIDC clients
• Permission-aware consent that excludes service accounts from interactive consent flows and respects the existing Greenhouse permission model
• Partner registration, starting with inSided as a launch client

Why it matters

Customers increasingly want a single trusted identity layer across their hiring stack – onboarding tools, partner platforms, in-house apps. Becoming an OIDC IdP means Greenhouse can be that anchor when it makes sense for the customer’s architecture, on the same governance, audit and permission posture that defines the rest of the platform.