Versions Compared

Old Version 2

changes.mady.by.user Kristoffer Kristoffer

Saved on

compared with

New Version Current

changes.mady.by.user Matheus Srebro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

Openid-configuration is a standard endpoint that returns configuration metadata in terms of key properties of the OIDC Provider. 

Table of Contents

Overview

URL https://<oidc-baseurl>/.well-known/openid-configuration
Request methodGET without any parameters
Client authenticationAuthenticationNone
Request parametersNone
Response elementsSuccess response200 OK with JSON structure according to standard.
Error reponseApplicable http error code
ExampleSee below

Openid-configuration is a standard endpoint that returns a JSON-formatted response containing configuration metadata in terms of key properties of the OIDC Provider. 


Anchor
example
example
Example

...

Code Block
languagexml
themeConfluence
titleRequest / Response
GET /auth/oidcrealms/oauthcurrent/.well-known/openid-configuration HTTP/1.1
Host: preprodauth.current.bankidapisbankid.no
ConnectionUser-Agent: close
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.8
 
HTTP/1.1 200 OKcurl/7.64.1
Accept: */*

HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 10:26:35 GMT
Server: web
Cache-Control: no-cache, must-revalidate, no-transform, no-store
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Type: application/json;charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Date: Tue, 23 May 2017 20:42:14 GMT
Connection: close
Content-Length: 1369
{
    "authorization_endpoint
Content-Length: 3000

{
    "issuer": "https://auth.current.bankid.no/auth/realms/current",
    "authorization_endpoint": "https://auth.current.bankid.no/auth/realms/current/precheck/auth",
    "token_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token",
    "token_introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
    "userinfo_endpoint": "https://userinfo.current.bankid.no/userinfo",
    "end_session_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/logout",
    "jwks_uri": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/certs",
    "check_session_iframe": "https://preprodauth.current.bankidapisbankid.no/oidc/oauth/authorize/auth/realms/current/protocol/openid-connect/login-status-iframe.html",
    "claimgrant_types_supported": [
        "normal"authorization_code",
        ]"implicit",
        "claims_parameter_supported": falserefresh_token",
        "password",
        "client_credentials"
    ],
    "claimsresponse_types_supported": [
        "preferred_username"code",
        "none",
        "id_token",
        "nametoken",
        "subid_token token",
        "iatcode id_token",
        "isscode token",
        "code id_token "auth_time",
 token"
    ],
    "subject_types_supported": [
        "public",
        "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
        "expPS384",
        "birthdateES384",
        "nonceRS384",
        "amrHS256",
        "azpHS512",
        "bid_codeES256",
        "audRS256",
        "at_hashHS384",
        "c_hashES512",
        "nninPS256",
        "addressPS512",
        "phoneRS512"
    ],
    "grant_typesid_token_encryption_alg_values_supported": [
        "RSA-OAEP",
        "authorizationRSA1_code5"
    ],
    "id_token_encryption_enc_values_supported": [
        "A128GCM",
        "A128CBC-HS256"
    ],
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "issuer": "https://preprod.bankidapis.no",request_object_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "jwks_uri": "https://preprod.bankidapis.no/oidc/oauth/userinfo/jwk",ES256",
        "RS256",
        "login_hint_supported": "[BIM|BID][:\\d{11}][:\\d{8}][:\\d{6}] for respectively client_type, nnin, phoneNo, birthday"HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512",
        "none"
    ],
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "response_typestoken_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "codeclient_secret_basic",
        "tokenclient_secret_post",
        "idtls_client_tokenauth",
        "id_token tokenclient_secret_jwt"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "ES256",
        "code token"RS256",
        "HS384",
        "code id_token"ES512",
        "PS256",
        "code id_token token"PS512",
        "RS512"
    ],
    "scopesclaims_supported": [
        "standard_bankidat_hash",
        "birthdate",
        "bankid_altsub",
        "address"given_name",
        "nonce",
        "acr",
        "phonec_hash",
        "operational-status-readupdated_at",
        "nnin_altsub",
        "auth_time",
        "name",
        "session_state",
        "family_name",
        "sub",
        "openidamr",
        "iss",
        "typ",
        "aud",
        "profilenbf",
        "operational-status-writeazp",
        "emailexp",
        ],"iat",
        "serverVersion": "bankid-oauth-api 1.2.7"jti",
        "realm_access",
        "resource_access"
    ],
    "subjectclaim_types_supported": [
        "publicnormal"
    ],
    "tokenclaims_parameter_endpointsupported": "https://preprod.bankidapis.no/oidc/oauth/token"false,
    "token_endpoint_auth_methods_scopes_supported": [
        "client_secret_post"openid",
        "profile",
        "address",
        "email",
        "phone",
        "nnin_altsub",
        "nnin",
        "sign",
        "signdoc/read_write",
        "fraud-data-rs/GetSecurityData",
        "clientaml_secret_person/basic"
    ],
    "ui_localesrequest_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "code_challenge_methods_supported": [
        "noplain",
        "enS256"
    ],
    "tls_client_certificate_bound_access_tokens": true,
    "userinfointrospection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect//preprodtoken/introspect",
    "fraud-data-baseurl": "https://frauddata-rs-current.bankidapis.no/oidc/oauth/userinfo/",
    "release": "2021-08",
    "signdoc-baseurl": "https://signdoc-rs-current.bankidapis.no/",
    "userinfo_signing_alg_valuesui_locales_supported": [
        "RS256"nb",
        "no",
        "noneen"
    ],
    "aml-baseurl": "https://aml-current.bankidapis.no/",
    }
"jwks_uri_enc": "https://auth.current.bankid.no/auth/realms/current/encryption/keys"
}