Document toolboxDocument toolbox

Openid-configuration

Owned by Kristoffer Kristoffer (Unlicensed)
Last updated: 22 Aug 2023 by Matheus SrebroVersion comment
5 min read

Openid-configuration is a standard endpoint that returns configuration metadata in terms of key properties of the OIDC Provider. 

Overview

URL https://<oidc-baseurl>/.well-known/openid-configuration
RequestGET without any parameters
AuthenticationNone
Success response200 OK with JSON structure according to standard.
Error reponseApplicable http error code
ExampleSee 24877944


Example

The following example shows a request / response pair for the openid-configuration endpoint.

Request / Response
GET /auth/realms/current/.well-known/openid-configuration HTTP/1.1
Host: auth.current.bankid.no
User-Agent: curl/7.64.1
Accept: */*

HTTP/1.1 200 OK
Date: Wed, 18 Aug 2021 10:26:35 GMT
Server: web
Cache-Control: no-cache, must-revalidate, no-transform, no-store
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Type: application/json
Content-Length: 3000

{
    "issuer": "https://auth.current.bankid.no/auth/realms/current",
    "authorization_endpoint": "https://auth.current.bankid.no/auth/realms/current/precheck/auth",
    "token_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token",
    "token_introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
    "userinfo_endpoint": "https://userinfo.current.bankid.no/userinfo",
    "end_session_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/logout",
    "jwks_uri": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/certs",
    "check_session_iframe": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/login-status-iframe.html",
    "grant_types_supported": [
        "authorization_code",
        "implicit",
        "refresh_token",
        "password",
        "client_credentials"
    ],
    "response_types_supported": [
        "code",
        "none",
        "id_token",
        "token",
        "id_token token",
        "code id_token",
        "code token",
        "code id_token token"
    ],
    "subject_types_supported": [
        "public",
        "pairwise"
    ],
    "id_token_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "ES256",
        "RS256",
        "HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512"
    ],
    "id_token_encryption_alg_values_supported": [
        "RSA-OAEP",
        "RSA1_5"
    ],
    "id_token_encryption_enc_values_supported": [
        "A128GCM",
        "A128CBC-HS256"
    ],
    "userinfo_signing_alg_values_supported": [
        "RS256"
    ],
    "request_object_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "ES256",
        "RS256",
        "HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512",
        "none"
    ],
    "response_modes_supported": [
        "query",
        "fragment",
        "form_post"
    ],
    "token_endpoint_auth_methods_supported": [
        "private_key_jwt",
        "client_secret_basic",
        "client_secret_post",
        "tls_client_auth",
        "client_secret_jwt"
    ],
    "token_endpoint_auth_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "ES256",
        "RS256",
        "HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512"
    ],
    "claims_supported": [
        "at_hash",
        "birthdate",
        "bankid_altsub",
        "given_name",
        "nonce",
        "acr",
        "c_hash",
        "updated_at",
        "nnin_altsub",
        "auth_time",
        "name",
        "session_state",
        "family_name",
        "sub",
        "amr",
        "iss",
        "typ",
        "aud",
        "nbf",
        "azp",
        "exp",
        "iat",
        "jti",
        "realm_access",
        "resource_access"
    ],
    "claim_types_supported": [
        "normal"
    ],
    "claims_parameter_supported": false,
    "scopes_supported": [
        "openid",
        "profile",
        "address",
        "email",
        "phone",
        "nnin_altsub",
        "nnin",
        "sign",
        "signdoc/read_write",
        "fraud-data-rs/GetSecurityData",
        "aml_person/basic"
    ],
    "request_parameter_supported": true,
    "request_uri_parameter_supported": true,
    "code_challenge_methods_supported": [
        "plain",
        "S256"
    ],
    "tls_client_certificate_bound_access_tokens": true,
    "introspection_endpoint": "https://auth.current.bankid.no/auth/realms/current/protocol/openid-connect/token/introspect",
    "fraud-data-baseurl": "https://frauddata-rs-current.bankidapis.no/",
    "release": "2021-08",
    "signdoc-baseurl": "https://signdoc-rs-current.bankidapis.no/",
    "ui_locales_supported": [
        "nb",
        "no",
        "en"
    ],
    "aml-baseurl": "https://aml-current.bankidapis.no/",
    "jwks_uri_enc": "https://auth.current.bankid.no/auth/realms/current/encryption/keys"
}