We're updating the issue view to help you get more done. 

Convert Insights from OIDC-based to JWT-based AuthN


The Insights application (aka https://github.com/edx/edx-analytics-dashboard) is one of two remaining applications that still use DOP-based OpenID Connect authentication. The LMS course API was expanded to add the functionality needed to provide the course access information required by the Insights application in this merged PR:

This information is currently passed to the Insights app inside the OIDC auth token. To remove the usage of OIDC, the Insights app will instead need to query the LMS course API post-auth, as prototyped by in this PR:

It's important to perform this work before the next Open edX release (Juniper) in order to announce the DOP/OIDC-based authentication as deprecated - and enable its removal before the K-release of Open edX. edx-analytics-dashboard is tagged in the Open edx release, so is considered as part of the release.

Acceptance Criteria:

  • Complete work on the Insights PR listed above, including implementation, review, and merging.

  • Create the needed DOT-based credentials (Insights client ID/secret) in the stage/production LMS DBs.

  • Implement and merge any needed configuration PRs to add the new Insights credentials.

  • Deploy the AuthN change to stage Insights and verify its proper operation.

  • Deploy the AuthN change to production Insights and verify its proper operation.

  • Deprecate the previously-used DOP client ID/secret in the stage/production LMS DBs.


Epic Link


Story Points





Julia Eskew