Discovery API¶
This API is the implementation of OpenID Connect Discovery 1.0 specification. It is used to publish OIDC-related metadata that can be used by Relying Party to understand which features are available and how to interact with it.
Endpoint: GET /oauth/.well-known/openid-configuration
Example response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"issuer": "https://tokenserver.example.com",
"authorization_endpoint": "https://tokenserver.example.com/oauth/v1/authorize",
"token_endpoint": "https://tokenserver.example.com/oauth/v1/token",
"jwks_uri": "https://tokenserver.example.com/oauth/v1/keys",
"userinfo_endpoint": "https://tokenserver.example.com/oauth/v1/userinfo",
"revocation_endpoint": "https://tokenserver.example.com/oauth/v1/revoke",
"response_types_supported": [
"code",
"token",
"id_token",
"token id_token"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"rs256",
"rs384",
"rs512",
"ps256",
"ps384",
"ps512",
"es256",
"es384",
"es512"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"scopes_supported": [
"address",
"phone",
"openid",
"profile",
"email"
],
"claims_supported": [
"sub",
"name",
"given_name",
"family_name",
"middle_name",
"nickname",
"preferred_username",
"profile",
"picture",
"website",
"email",
"email_verified",
"gender",
"birthdate",
"zoneinfo",
"locale",
"phone_number",
"phone_number_verified",
"address",
"updated_at",
"custom_attributes"
],
"check_session_iframe": "https://tokenserver.example.com/oauth/v1/check_session",
"end_session_endpoint": "https://tokenserver.example.com/oauth/v1/logout",
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": false,
"id_token_encryption_alg_values_supported": [
"RSA-OAEP-256",
"ECDH-ES",
"ECDH-ES+A128KW",
"ECDH-ES+A192KW",
"ECDH-ES+A256KW"
],
"id_token_encryption_enc_values_supported": [
"A128CBC-HS256",
"A192CBC-HS384",
"A256CBC-HS512",
"A128GCM",
"A192GCM",
"A256GCM"
],
"acr_values_supported": [
"urn:onegini.com:oidc:authentication_level:1",
"urn:onegini.com:oidc:authentication_level:2",
"urn:onegini.com:oidc:authentication_level:3",
"urn:onegini.com:oidc:authentication_level:4"
]
}