From 8f9fdb0aebe82883ccf7563e6e0e4afb5fbd97c8 Mon Sep 17 00:00:00 2001
From: Jonathan Law <jonathanlaw2@gmail.com>
Date: Fri, 3 May 2024 14:18:38 -0400
Subject: [PATCH] Update the Clever provider to not require a backchannel
 identity token

---
 .../OpenIddictClientWebIntegrationHandlers.cs                 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
index b8a7ec8c..73a4373e 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.cs
@@ -641,6 +641,10 @@ public static partial class OpenIddictClientWebIntegrationHandlers
              context.RequireBackchannelIdentityToken,
              context.ValidateBackchannelIdentityToken) = context.Registration.ProviderType switch
             {
+                // Clever claims the OpenID Connect flavor of the code flow is supported but
+                // their implementation doesn't always return an id_token from the token endpoint.
+                ProviderTypes.Clever => (true, false, true),
+
                 // While PayPal claims the OpenID Connect flavor of the code flow is supported,
                 // their implementation doesn't return an id_token from the token endpoint.
                 ProviderTypes.PayPal => (false, false, false),