---
title: OIDC 1.0 endpoints
description: Your applications can use the following OpenID Connect (OIDC) endpoints:
component: pingoneaic
page_id: pingoneaic:am-oidc1:oidc-client-endpoints
canonical_url: https://docs.pingidentity.com/pingoneaic/am-oidc1/oidc-client-endpoints.html
keywords: ["OpenID Connect (OIDC)", "Standards", "Endpoints"]
page_aliases: ["oidc1-guide:oidc-client-endpoints.adoc"]
---

# OIDC 1.0 endpoints

Your applications can use the following OpenID Connect (OIDC) endpoints:

| Endpoint                                   | Description                                                                                                                                                                                          | Advanced Identity Cloud is the... |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- |
| `/oauth2/userinfo`                         | Retrieve information about an authenticated end user ([UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo)); requires a valid token with at least the `openid` scope. | Provider                          |
| `/oauth2/idtokeninfo`                      | Validate an unencrypted ID token (Advanced Identity Cloud-specific endpoint).                                                                                                                        | Provider                          |
| `/oauth2/connect/checkSession`             | Retrieve OpenID Connect session information ([session management](session-management.html) endpoint).                                                                                                | Provider                          |
| `/oauth2/connect/endSession`               | Terminate an OpenID Connect session ([session management](session-management.html) endpoint).                                                                                                        | Provider                          |
| `/oauth2/register`                         | Register, read, or delete a client profile ([dynamic client registration](oauth2-dynamic-client-registration.html) endpoint)                                                                         | Provider                          |
| `/.well-known/webfinger`                   | Let a client application discover the OpenID provider URL of an end user ([WebFinger discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#IssuerDiscovery) endpoint).               | Provider                          |
| `/oauth2/.well-known/openid-configuration` | Let a relying party discover the OpenID provider configuration.                                                                                                                                      | Provider                          |
| `/oauth2/connect/jwk_uri`                  | Retrieve the OpenID provider's public keys to verify client-side token signatures or to encrypt OIDC JWTs in requests.                                                                               | Provider                          |
| `/oauth2/connect/rp/jwk_uri`               | Retrieve Advanced Identity Cloud client public keys for providers to encrypt ID tokens and verify signatures.                                                                                        | Relying party                     |

Many OAuth 2.0 endpoints also support OIDC. For reference documentation, refer to:

* [OAuth 2.0 endpoints](../am-oauth2/oauth2-client-endpoints.html)

* [OAuth 2.0 administration endpoints](../am-oauth2/oauth2-admin-endpoints.html)