OpenID Connect 1.0 Endpoints

AM exposes the following OpenID Connect-related endpoints:

AM Acting As...EndpointDescription

Retrieves information about an authenticated user. It requires a valid token issued with, at least, the openid scope (OpenID Connect userinfo endpoint).

Provider/oauth2/idtokeninfoValidates unencrypted ID tokens (AM-specific endpoint).
Provider/oauth2/connect/checkSessionRetrieves OpenID Connect session information (OpenID Connect Session Management endpoint).
Provider/oauth2/connect/endSessionInvalidates OpenID Connect sessions (OpenID Connect Session Management endpoint).
Provider/oauth2/registerRegisters, reads, and deletes OAuth 2.0 clients (RFC7592 and RFC7591)
Provider/.well-known/webfingerExposes the URL of the OpenID provider during OpenID Connect discovery.
Provider/oauth2/.well-known/openid-configurationExposes provider configuration for OpenID Connect discovery.

Exposes the public keys that clients can use to verify the signature of client-based tokens and to encrypt OpenID Connect requests sent as a JWT.

Relying Party"/oauth2/connect/rp/jwk_uri"

Exposes AM client public keys. Providers can use them to encrypt ID tokens sent to AM, and to verify JWT and object signatures coming from AM.


When AM acts as an OpenID Connect provider, the OAuth 2.0 endpoints support OpenID Connect specific parameters, such as prompt and ui_locales.

For a complete list of the endpoints and parameters AM supports as an OAuth 2.0/OpenID Connect provider, see OAuth 2.0 Endpoints and OAuth 2.0 Administration and Supporting REST Endpoints.

Read a different version of :