Standard OAuth 2.0 / OpenID Connect endpoints
The Connect2id server supports the following standard OAuth 2.0 server and OpenID Connect provider endpoints:
| Endpoint | Purpose |
|---|---|
| Server discovery | Discover the OAuth 2.0 / OpenID Connect endpoints, capabilities, supported cryptographic algorithms and features. |
| Federation entity statement | Obtain the authorities, metadata and signing keys for a Connect2id server participating in an OpenID Connect federation. |
| Server JWK set | Retrieve the public server JSON Web Key (JWK) to verify the signature of an issued token or to encrypt request objects to it. |
| Client registration | Create, access, update or delete a client registration. |
| Federation client registration | Create an explicit client registration with a Connect2id server participating in an OpenID Connect federation. |
| Pushed authorisation requests | Submit the request parameters directly to the server before sending the end-user to the authorisation endpoint for login and consent. |
| Authorisation | The client sends the end-user's browser here to request the user's authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows which require end-user interaction. |
| Token | Post an OAuth 2.0 grant (code, refresh token, resource owner password credentials, client credentials) to obtain an ID and / or access token. |
| Token introspection | Validate an access token and retrieve its underlying authorisation (for resource servers). |
| Token revocation | Revoke an obtained access or refresh token. |
| UserInfo | Retrieve profile information and other attributes for a logged-in end-user. |
| Check session iframe | Poll the OpenID provider for changes of end-user authentication status. |
| Logout (end-session) | Sign out an end-user. |