Standard OAuth 2.0 / OpenID Connect endpoints
The Connect2id server supports the following standard OAuth 2.0 server and OpenID Connect provider endpoints:
Endpoint | Purpose |
---|---|
Server discovery | Discover the OAuth 2.0 / OpenID Connect endpoints, supported cryptographic algorithms and extensions. |
Federation entity configuration | Obtain the authorities, metadata and signing keys for a Connect2id server enrolled in an OpenID federation. |
Server JWK set | Retrieve the public server JSON Web Key (JWK) set to verify the signature of an issued token or to encrypt request objects to it. |
Client registration | Create, access, update and delete client registrations. |
Federation client registration | Create an explicit client registration with a Connect2id server enrolled in an OpenID federation. |
Pushed authorisation requests | Submit the request parameters directly to the server before sending the user's browser to the authorisation endpoint. |
Authorisation | Obtain the end-user's authorisation by sending their browser to this endpoint. |
CIBA | Submit a back-channel request to authenticate an end-user and obtain their consent. |
Token | Post an OAuth 2.0 grant (code, refresh token, resource owner password credentials, client credentials) to obtain an ID and / or access token. |
Token introspection | Validate an access token and retrieve its underlying authorisation (for resource servers). |
Token revocation | Revoke an obtained access or refresh token. |
UserInfo | Retrieve profile information and other attributes for an end-user. |
Check session iframe | Poll the OpenID provider for changes of end-user authentication status. |
Logout (end-session) | Sign out an end-user. |