GET /.well-known/openid-configuration
Returns the OpenID Connect configuration values from the provider's Well-Known Configuration Endpoint, per the specification (http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest).
For additional information about the values returned in the metadata file, see OAuth Well-Known Configuration Information.
Authorization Roles/Permissions: Anyone can run this operation.
HTTP Method
GET
URL
https://{oauth-provider-hostname}/.well-known/openid-configuration
Sample Request
The example below shows a request for the OpenID Connect provider information for Google.
Sample Request URL
https://accounts.google.com/.well-known/openid-configuration
Sample request headers
Accept: application/json
Sample request body
Not applicable.
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json |
Request Parameters
None.
Response
If successful, this operation returns HTTP status code 200, with the configuration information for the specified OpenID Connect provider.
Sample Response
The sample response below shows successful completion of this operation, for the sample request to the Google OpenID Connect Provider.
Sample response headers
Content-Type: application/json
Date: Thu, 16 Jul 2015 14:25:20 GMT
Sample response body
{
  "issuer":"http://acmepaymentscorp",
  "authorization_endpoint":"http://acmepaymentscorp/oauth/auz/authorize",
  "token_endpoint":"http://acmepaymentscorp/oauth/oauth20/token",
  "userinfo_endpoint":"http://acmepaymentscorp/oauth/userinfo",
  "jwks_uri":"http://acmepaymentscorp/oauth/jwks",
  "registration_endpoint":"http://acmepaymentscorp.com",
  "scopes_supported":[ "READ", "WRITE", "DELETE", "openid", "scope", "profile", "email", "address", "phone" ],
  "response_types_supported":[ "code", "code id_token", "code token", "code id_token token", "token", "id_token", "id_token token" ],
  "grant_types_supported":[ "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
  "subject_types_supported":[ "public" ],
  "id_token_signing_alg_values_supported":[ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512" ],
  "id_token_encryption_alg_values_supported":[ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A192KW", "A256KW", "A128GCMKW", "A192GCMKW", "A256GCMKW", "dir" ],
  "id_token_encryption_enc_values_supported":[ "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512", "A128GCM", "A192GCM", "A256GCM" ],
  "token_endpoint_auth_methods_supported":[ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ],
  "token_endpoint_auth_signing_alg_values_supported":[ "HS256", "RS256" ],
  "claims_parameter_supported":false,
  "request_parameter_supported":false,
  "request_uri_parameter_supported":false
}
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json |
Response Body
The response body is the configuration file for the provider. Structure of the configuration file, and specific values, vary by provider, but in general it includes the following types of information that an OpenID Connect Relying Party will need:
- Issuer (OpenID Connect provider)
- Endpoints:
  - Authorization Endpoint
  - Token Endpoint
  - UserInfo Endpoint
  - Revocation Endpoint
  - JWKS URI
  - Registration Endpoint
- Response types supported
- Subject types supported
- For ID token, signing algorithm values supported
- Scopes supported
- For token endpoint, authorization methods supported
- Claims supported
For additional information about the values returned in the metadata file, see OAuth Well-Known Configuration Information.
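A Relying Party should check the returned configuration before trusting its endpoints. The following is an added example, not part of the original documentation or the product's code: the function name `check_discovery` and the https-only policy are assumptions of the example, and the input is an excerpt of the sample response body above.

```python
from urllib.parse import urlsplit

# Metadata fields that OpenID Connect Discovery 1.0 marks REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
              "userinfo_endpoint", "jwks_uri", "registration_endpoint")

def check_discovery(requested_issuer, doc):
    """Return findings for a parsed discovery document; an empty list means it passed."""
    findings = [f"missing required field: {f}" for f in REQUIRED if f not in doc]
    # The spec requires the returned issuer to be identical to the issuer URL that
    # was used to build the request; a mismatch means the metadata is not this provider's.
    if doc.get("issuer") != requested_issuer:
        findings.append(f"issuer mismatch: got {doc.get('issuer')!r}")
    # Assumed policy: every advertised URL must be https with a host component.
    for field in URL_FIELDS:
        value = doc.get(field)
        if value is None:
            continue
        parts = urlsplit(value) if isinstance(value, str) else None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            findings.append(f"{field} is not an https URL: {value!r}")
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "RS256" not in algs:  # the spec requires RS256 to be listed
        findings.append("RS256 missing from ID token signing algorithms")
    return findings

# Excerpt of the sample response body shown on this page (values copied as-is).
SAMPLE = {
    "issuer": "http://acmepaymentscorp",
    "authorization_endpoint": "http://acmepaymentscorp/oauth/auz/authorize",
    "token_endpoint": "http://acmepaymentscorp/oauth/oauth20/token",
    "userinfo_endpoint": "http://acmepaymentscorp/oauth/userinfo",
    "jwks_uri": "http://acmepaymentscorp/oauth/jwks",
    "registration_endpoint": "http://acmepaymentscorp.com",
    "response_types_supported": ["code", "code id_token", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["HS256", "RS256", "ES256"],
}

if __name__ == "__main__":
    for finding in check_discovery("http://acmepaymentscorp", SAMPLE):
        print(finding)
```

Run against the sample body, the check reports every advertised URL as plain http, which a Relying Party should treat as a reason not to use the configuration.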
Error Codes/Messages
If the call is unsuccessful, an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
404 | The resource could not be found. This might happen for one of the following reasons: |
500 | An error occurred processing the call. |
For more information, see Akana OAuth API error messages.