When developing OAuth-capable applications, developers must follow the OAuth 2.0 Authorization Framework and, if applicable, the OpenID Connect specifications.
OAuth-capable applications must send requests to various OAuth endpoints to obtain authorization grants, access tokens, refresh tokens, and, if applicable, ID tokens. Additional endpoints exist for other purposes: for clients to validate access and refresh tokens, for developers to submit client registrations using the OAuth 2.0 Dynamic Client Registration protocol, and for clients to retrieve metadata about the OpenID Connect and OAuth authorization server configurations.
Each endpoint extends from the runtime server at the base URL. If you configure virtual host names, the endpoints are also accessible at those locations.
Example
If the base URL is https://www.example.com:9031 and the configured virtual host names are www.example.org and www.example.info, the authorization and token endpoints are accessible at the following locations:
- Authorization endpoint /as/authorization.oauth2
  - https://www.example.com:9031/as/authorization.oauth2
  - https://www.example.org:9031/as/authorization.oauth2
  - https://www.example.info:9031/as/authorization.oauth2
- Token endpoint /as/token.oauth2
  - https://www.example.com:9031/as/token.oauth2
  - https://www.example.org:9031/as/token.oauth2
  - https://www.example.info:9031/as/token.oauth2
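
A client or gateway that pins the authorization server's endpoints can derive the expected locations from the base URL and virtual host names and reject any other URL. The following is an added example, not code from the product or its documentation; the helper names `endpoint_urls` and `classify_endpoint` are hypothetical, and it assumes virtual hosts share the base URL's scheme and port, as in the example above.

```python
from urllib.parse import urlsplit

# Values taken from the example above.
BASE_URL = "https://www.example.com:9031"
VIRTUAL_HOSTS = ["www.example.org", "www.example.info"]
ENDPOINT_PATHS = {
    "authorization": "/as/authorization.oauth2",
    "token": "/as/token.oauth2",
}


def endpoint_urls(path, base_url=BASE_URL, virtual_hosts=VIRTUAL_HOSTS):
    """List every location at which an endpoint path is reachable."""
    base = urlsplit(base_url)
    port = f":{base.port}" if base.port else ""
    hosts = [base.hostname] + [h.lower() for h in virtual_hosts]
    return [f"{base.scheme}://{host}{port}{path}" for host in hosts]


def classify_endpoint(url, base_url=BASE_URL, virtual_hosts=VIRTUAL_HOSTS):
    """Return the endpoint name for an expected location, else None."""
    base = urlsplit(base_url)
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    # Reject userinfo: "https://trusted-host:9031@other-host/..." parses
    # with other-host as the real host.
    if parts.username is not None or parts.password is not None:
        return None
    allowed_hosts = {base.hostname} | {h.lower() for h in virtual_hosts}
    if (parts.scheme, port) != (base.scheme, base.port):
        return None
    if parts.hostname not in allowed_hosts:
        return None
    # Exact path match: no prefix, suffix, or dot-segment variants.
    for name, path in ENDPOINT_PATHS.items():
        if parts.path == path:
            return name
    return None


if __name__ == "__main__":
    for u in endpoint_urls(ENDPOINT_PATHS["token"]):
        print(u, "->", classify_endpoint(u))
```

The comparison uses parsed components rather than string prefixes, so case differences in scheme or host are normalized while look-alike hosts, missing ports, and userinfo-prefixed URLs are rejected.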