OpenID Connect 1.0 Endpoints
AM exposes the following OpenID Connect-related endpoints:
AM Acting As... | Endpoint | Description |
---|---|---|
Provider | /oauth2/userinfo | Retrieves information about an authenticated user. It requires a valid token issued with, at least, the |
Provider | /oauth2/idtokeninfo | Validates unencrypted ID tokens (AM-specific endpoint). |
Provider | /oauth2/connect/checkSession | Retrieves OpenID Connect session information (OpenID Connect Session Management endpoint). |
Provider | /oauth2/connect/endSession | Invalidates OpenID Connect sessions (OpenID Connect Session Management endpoint). |
Provider | /oauth2/register | Registers, reads, and deletes OAuth 2.0 clients (RFC 7592 and RFC 7591). |
Provider | /.well-known/webfinger | Exposes the URL of the OpenID provider during OpenID Connect discovery. |
Provider | /oauth2/.well-known/openid-configuration | Exposes provider configuration for OpenID Connect discovery. |
Provider | /oauth2/connect/jwk_uri | Exposes the public keys that clients can use to verify the signature of client-based tokens and to encrypt OpenID Connect requests sent as a JWT. |
Relying Party | /oauth2/connect/rp/jwk_uri | Exposes AM client public keys. Providers can use them to encrypt ID tokens sent to AM, and to verify JWT and object signatures coming from AM. |
Tip
When AM acts as an OpenID Connect provider, the OAuth 2.0 endpoints support OpenID Connect-specific parameters, such as prompt and ui_locales.
For a complete list of the endpoints and parameters AM supports as an OAuth 2.0/OpenID Connect provider, see OAuth 2.0 Endpoints and OAuth 2.0 Administration and Supporting REST Endpoints.