GET /.well-known/openid-configuration

Returns the OpenID Connect configuration values from the provider's Well-Known Configuration Endpoint, per the specification (http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest).

For additional information about the values returned in the metadata file, see OAuth Well-Known Configuration Information.

Authorization Roles/Permissions: Anyone can run this operation.

This topic includes the following sections:

HTTP Method
URL
Sample Request
Request Headers
Request Parameters

Response
Sample Response
Response Headers
Response Body
Error Codes/Messages

HTTP Method

GET

URL

https://{oauth-provider-hostname}/.well-known/openid-configuration

Sample Request

The example below shows a request for the OpenID Connect provider information for Google.

Sample Request URL

https://accounts.google.com/.well-known/openid-configuration

Sample request headers

Accept: application/json

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	application/json

Request Parameters

None.

Response

If successful, this operation returns HTTP status code 200, with the configuration information for the specified OpenID Connect provider.

Sample Response

The sample response below shows successful completion of this operation, for the sample request to the Google OpenID Connect Provider.

Sample response headers

Content-Type: application/json
Date: Thu, 16 Jul 2015 14:25:20 GMT

Sample response body

{
  "issuer":"http://acmepaymentscorp",
  "authorization_endpoint":"http://acmepaymentscorp/oauth/auz/authorize",
  "token_endpoint":"http://acmepaymentscorp/oauth/oauth20/token",
  "userinfo_endpoint":"http://acmepaymentscorp/oauth/userinfo",
  "jwks_uri":"http://acmepaymentscorp/oauth/jwks",
  "scopes_supported":[
    "READ",
    "WRITE",
    "DELETE",
    "openid",
    "scope",
    "profile",
    "email",
    "address",
    "phone"
  ],
  "response_types_supported":[
    "code",
    "code id_token",
    "code token",
    "code id_token token",
    "token",
    "id_token",
    "id_token token"
  ],
  "grant_types_supported":[
    "authorization_code",
    "implicit",
    "password",
    "client_credentials",
    "urn:ietf:params:oauth:grant-type:jwt-bearer"
  ],
  "subject_types_supported":[
    "public"
  ],
  "id_token_signing_alg_values_supported":[
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512",
    "ES256",
    "ES384",
    "ES512",
    "PS256",
    "PS384",
    "PS512"
  ],
  "id_token_encryption_alg_values_supported":[
    "RSA1_5",
    "RSA-OAEP",
    "RSA-OAEP-256",
    "A128KW",
    "A192KW",
    "A256KW",
    "A128GCMKW",
    "A192GCMKW",
    "A256GCMKW",
    "dir"
  ],
  "id_token_encryption_enc_values_supported":[
    "A128CBC-HS256",
    "A192CBC-HS384",
    "A256CBC-HS512",
    "A128GCM",
    "A192GCM",
    "A256GCM"
  ],
  "token_endpoint_auth_methods_supported":[
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported":[
    "HS256",
    "RS256"
  ],
  "claims_parameter_supported":false,
  "request_parameter_supported":false,
  "request_uri_parameter_supported":false
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	application/json

Response Body

The response body is the configuration file for the provider. Structure of the configuration file, and specific values, vary by provider, but in general it includes the following types of information that an OpenID Connect Relying Party will need:

Issuer (OpenID Connect provider)
Endpoints:
- Authorization Endpoint
- Token Endpoint
- UserInfo Endpoint
- Revocation Endpoint
- JWKS URI
Response types supported
Subject types supported
For ID token, signing algorithm values supported
Scopes supported
For token endpoint, authorization methods supported
Claims supported

For additional information about the values returned in the metadata file, see OAuth Well-Known Configuration Information.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
404	The resource could not be found. This might happen for one of the following reasons: OpenID Connect is not enabled in the OAuth provider If the host name is not correctly mapped to the OAuth provider The URL is accessed over HTTP but the provider is configured to accept only HTTPS requests
500	An error occurred processing the call.

Item

Value

404

The resource could not be found. This might happen for one of the following reasons:

OpenID Connect is not enabled in the OAuth provider
If the host name is not correctly mapped to the OAuth provider
The URL is accessed over HTTP but the provider is configured to accept only HTTPS requests

500

An error occurred processing the call.

More information about Akana OAuth API error messages.