Register your application in the Clever developer dashboard and configure the redirect URI and requested scopes
Redirect the user to Clever's OAuth 2.0 authorization endpoint with client_id, redirect_uri, response_type=code, and scope=read:user_id
On callback, exchange the authorization code for a bearer token via POST to Clever's token endpoint using client_id and client_secret
Use the bearer token to GET https://api.clever.com/v3.0/me to retrieve the authenticated user's Clever id, type, and district id
Look up or create the corresponding user account in your application using the Clever id as the authoritative external identifier
Establish a session for the user and redirect them to the appropriate landing page based on their role (student, teacher, district admin)
Known gotchas
The authorization code is single-use and short-lived; if the token exchange fails, the user must restart the OAuth flow from the beginning
Clever Instant Login uses a district-scoped identity; a user who belongs to multiple districts will have a different Clever id per district context
Applications must handle the case where a Clever user has no corresponding account in the application gracefully, either by auto-provisioning or presenting a clear error message
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp