PingOne Advanced Identity Cloud

OIDC 1.0 endpoints

Your applications can use the following OpenID Connect (OIDC) endpoints:

Endpoint Description PingOne Advanced Identity Cloud is the...

/oauth2/userinfo

Retrieve information about an authenticated end user (UserInfo endpoint); requires a valid token with at least the openid scope.

Provider

/oauth2/idtokeninfo

Validate an unencrypted ID token (PingOne Advanced Identity Cloud-specific endpoint).

Provider

/oauth2/connect/checkSession

Retrieve OpenID Connect session information (session management endpoint).

Provider

/oauth2/connect/endSession

Terminate an OpenID Connect session (session management endpoint).

Provider

/oauth2/register

Register, read, or delete a client profile (dynamic client registration endpoint)

Provider

/.well-known/webfinger

Let a client application discover the OpenID provider URL of an end user (WebFinger discovery endpoint).

Provider

/oauth2/.well-known/openid-configuration

Let a relying party discover the OpenID provider configuration.

Provider

/oauth2/connect/jwk_uri

Retrieve the OpenID provider’s public keys to verify client-side token signatures or to encrypt OIDC JWTs in requests.

Provider

/oauth2/connect/rp/jwk_uri

Retrieve PingOne Advanced Identity Cloud client public keys for providers to encrypt ID tokens and verify signatures.

Relying party

Many OAuth 2.0 endpoints also support OIDC. For reference documentation, refer to:

Copyright © 2010-2024 ForgeRock, all rights reserved.