Access Management 7.2.2

OpenID Connect 1.0 endpoints

AM exposes the following OpenID Connect-related endpoints:

AM Acting As…​ Endpoint Description

Provider

Retrieves information about an authenticated user. It requires a valid token issued with, at least, the openid scope (OpenID Connect userinfo endpoint).

Provider

Validates unencrypted ID tokens (AM-specific endpoint).

Provider

Retrieves OpenID Connect session information (OpenID Connect Session Management endpoint).

Provider

Invalidates OpenID Connect sessions (OpenID Connect Session Management endpoint).

Provider

Registers, reads, and deletes OAuth 2.0 clients (RFC7592 and RFC7591)

Provider

Exposes the URL of the OpenID provider during OpenID Connect discovery.

Provider

Exposes provider configuration for OpenID Connect discovery.

Provider

Exposes the public keys that clients can use to verify the signature of client-side tokens and to encrypt OpenID Connect requests sent as a JWT.

Relying Party

Exposes AM client public keys. Providers can use them to encrypt ID tokens sent to AM, and to verify JWT and object signatures coming from AM.

When AM acts as an OpenID Connect provider, the OAuth 2.0 endpoints support OpenID Connect specific parameters, such as prompt and ui_locales.

For a complete list of the endpoints and parameters AM supports as an OAuth 2.0/OpenID Connect provider, see OAuth 2.0 endpoints and OAuth 2.0 administration REST endpoints.

Copyright © 2010-2024 ForgeRock, all rights reserved.