Standard OAuth 2.0 / OpenID Connect endpoints
The Connect2id server supports the following standard OAuth 2.0 server and OpenID Connect provider endpoints:
| Endpoint | Purpose |
|---|---|
| Server discovery | Discover the OAuth 2.0 / OpenID Connect endpoints, supported cryptographic algorithms and extensions. |
| Federation entity configuration | Obtain the authorities, metadata and signing keys for a Connect2id server enrolled in a OpenID federation. |
| Server JWK set | Retrieve the public server JSON Web Key (JWK) set to verify the signature of an issued token or to encrypt request objects to it. |
| Client registration | Create, access, update and delete client registrations. |
| Federation client registration | Create an explicit client registration with a Connect2id server enrolled in a OpenID federation. |
| Pushed authorisation requests | Submit the request parameters directly to the server before sending the user's browser to the authorisation endpoint. |
| Authorisation | Obtain the end-user's authorisation by sending their browser to this endpoint. |
| CIBA | Submit a back-channel request to authenticate an end-user and obtain their consent. |
| Token | Post an OAuth 2.0 grant (code, refresh token, resource owner password credentials, client credentials) to obtain an ID and / or access token. |
| Token introspection | Validate an access token and retrieve its underlying authorisation (for resource servers). |
| Token revocation | Revoke an obtained access or refresh token. |
| UserInfo | Retrieve profile information and other attributes for an end-user. |
| Check session iframe | Poll the OpenID provider for changes of end-user authentication status. |
| Logout (end-session) | Sign out an end-user. |