...
Metadata | Endpoint |
---|---|
OAuth2 and OpenID Connect Metadata | |
JWKS Web Keys | |
Metadata Request
The main OAuth2 metadata endpoint contains all of the relevant server endpoints, supported profiles and links to public key material used for validation of signed data.
...
The same metadata is also available at the address /uas/oauth2/metadata.json. The address /uas/.well-known/openid-configuration is preferred for interoperability.

```
GET https://sso.example.com/uas/.well-known/openid-configuration
```
...
- tokeninfo_endpoint (deprecated, will be removed in SSO 8): introspection_endpoint provides the same functionality and should be used.

```
HTTP/1.1 200 OK
Content-Type: application/json

{
  "issuer": "https://sso.example.com/uas",
  "authorization_endpoint": "https://sso.example.com/uas/oauth2/authorization",
  "token_endpoint": "https://sso.example.com/uas/oauth2/token",
  "userinfo_endpoint": "https://sso.example.com/uas/oauth2/userinfo",
  "jwks_uri": "https://sso.example.com/uas/oauth2/metadata.jwks",
  "tokeninfo_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "introspection_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "revocation_endpoint": "https://sso.example.com/uas/oauth2/revocation",
  "response_types_supported": [ "code" ],
  "grant_types_supported": [
    "authorization_code",
    "password",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp",
    "http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp"
  ],
  "subject_types_supported": [ "public" ],
  "request_object_signing_alg_values_supported": [ "RS256", "HS256" ],
  "request_object_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5", "A128KW", "A256KW" ],
  "request_object_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512" ],
  "id_token_signing_alg_values_supported": [ "RS256", "HS256" ],
  "id_token_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5", "A128KW", "A256KW" ],
  "id_token_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512" ],
  "userinfo_signing_alg_values_supported": [ "RS256", "HS256" ],
  "userinfo_encryption_alg_values_supported": [ "RSA-OAEP", "RSA-OAEP-256", "RSA1_5", "A128KW", "A256KW" ],
  "userinfo_encryption_enc_values_supported": [ "A128CBC-HS256", "A256CBC-HS512" ],
  "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ],
  "token_endpoint_auth_signing_alg_values_supported": [ "RS256", "HS256" ],
  "introspection_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ],
  "introspection_endpoint_auth_signing_alg_values_supported": [ "RS256", "HS256" ],
  "revocation_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt" ],
  "revocation_endpoint_auth_signing_alg_values_supported": [ "RS256", "HS256" ],
  "scopes_supported": [ "openid", "userinfo" ]
}
```
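A relying party should check the metadata document before trusting the endpoints and algorithms it advertises. The sketch below is an added example, not code from the SSO product: `check_metadata`, `ACCEPTED_ALGS` and the same-host rule are assumptions made for illustration, and the sample input is a trimmed, constructed copy of the response shown above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed copy of the metadata response shown on this page.
SAMPLE = json.loads("""{
  "issuer": "https://sso.example.com/uas",
  "authorization_endpoint": "https://sso.example.com/uas/oauth2/authorization",
  "token_endpoint": "https://sso.example.com/uas/oauth2/token",
  "jwks_uri": "https://sso.example.com/uas/oauth2/metadata.jwks",
  "tokeninfo_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "introspection_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "id_token_signing_alg_values_supported": ["RS256", "HS256"]
}""")

REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
ACCEPTED_ALGS = ("RS256",)  # assumption: this client verifies ID tokens with JWKS keys only


def discovery_url(issuer):
    """Preferred discovery address for an issuer such as https://sso.example.com/uas."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_metadata(expected_issuer, meta):
    """Return (config, problems); use config only when problems is empty."""
    problems = [f"missing {k}" for k in REQUIRED if not meta.get(k)]
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the issuer the discovery URL was built from.
    if meta.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    host = urlsplit(expected_issuer).netloc
    for key, value in meta.items():
        if key == "jwks_uri" or key.endswith("_endpoint"):
            url = urlsplit(str(value))
            if url.scheme != "https":
                problems.append(f"{key} is not https")
            elif url.netloc != host:  # local policy (assumption), not a protocol rule
                problems.append(f"{key} is on another host")
    algs = [a for a in meta.get("id_token_signing_alg_values_supported", [])
            if a in ACCEPTED_ALGS]
    if not algs:
        problems.append("no accepted ID token signing algorithm")
    config = {
        # Prefer introspection_endpoint; tokeninfo_endpoint is deprecated.
        "introspection": meta.get("introspection_endpoint") or meta.get("tokeninfo_endpoint"),
        "jwks_uri": meta.get("jwks_uri"),
        "id_token_algs": algs,
    }
    return config, problems
```

Pinning the accepted algorithms on the client side means an ID token is never verified with an algorithm chosen only because the server or the token header names it.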
...
GET /uas/oauth2/metadata.jwks
```
GET https://sso.example.com/uas/oauth2/metadata.json
```
...
The issuer key in an X.509 certificate envelope. Available if compatibility flag MetadataCertificate is enabled in SSO Server.

```
HTTP/1.1 200 OK
Content-Type: application/jwk-set+json

{"keys": [{"kty": "RSA","use": "sig","n": "AK-iEcWcXv2VVnv...", "e": "AQAB"}]}
```
...