Access Management

OpenID Connect 1.0 endpoints

AM exposes the following OpenID Connect-related endpoints:

AM Acting As…​ Endpoint Description

Provider

/oauth2/userinfo

Retrieves information about an authenticated user. It requires a valid token issued with, at least, the openid scope (OpenID Connect userinfo endpoint).

Provider

/oauth2/idtokeninfo

Validates unencrypted ID tokens (AM-specific endpoint).

Provider

/oauth2/connect/checkSession

Retrieves OpenID Connect session information (OpenID Connect Session Management endpoint).

Provider

/oauth2/connect/endSession

Invalidates OpenID Connect sessions (OpenID Connect Session Management endpoint).

Provider

/oauth2/register

Registers, reads, and deletes OAuth 2.0 clients (RFC7592 and RFC7591)

Provider

/.well-known/webfinger

Exposes the URL of the OpenID provider during OpenID Connect discovery.

Provider

/oauth2/.well-known/openid-configuration

Exposes provider configuration for OpenID Connect discovery.

Provider

/oauth2/connect/jwk_uri

Exposes the public keys that clients can use to verify the signature of client-side tokens and to encrypt OpenID Connect requests sent as a JWT.

Relying Party

/oauth2/connect/rp/jwk_uri

Exposes AM client public keys. Providers can use them to encrypt ID tokens sent to AM, and to verify JWT and object signatures coming from AM.

When AM acts as an OpenID Connect provider, the OAuth 2.0 endpoints support OpenID Connect specific parameters, such as prompt and ui_locales.

For a complete list of the endpoints and parameters AM supports as an OAuth 2.0/OpenID Connect provider, see OAuth 2.0 endpoints and OAuth 2.0 administration REST endpoints.