
Well Known Configuration

Returns the OpenID Connect configuration values from the provider's Well-Known Configuration Endpoint. OpenID Connect specifies a sign-in flow that allows a client application to authenticate a user and acquire information (or "claims") about that user, such as the user's name, email ID, and some other data. A secure JSON Web Token (JWT) called the ID token is used to store user identity information.

Resource Information

| Name | Value |
| --- | --- |
| Requires authentication? | No |
| Rate limited? | No |

Request

HTTP request

GET https://{hostname}/auth/realms/{tenantId}/.well-known/openid-configuration

Note: API requests must be made over HTTPS. Calls made over plain HTTP will fail.

Parameters

No parameter fields are required.

Request body

No request body fields are required.

Subdomain

| Key | Value |
| --- | --- |
| Subdomain | Set to the subdomain of your mID instance. |
| Required | e.g. oidc-sample where the instance is https://grootantest1.api.midentity.one |

Sample Response

```json
{
  "issuer": "https://{tenantId}.{hostname}/auth/realms/{realmName}",
  "authorization_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/auth",
  "token_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/login",
  "token_introspection_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/token/introspect",
  "userinfo_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/userinfo",
  "end_session_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/logout",
  "jwks_uri": "https://{tenantId}.{hostname}/digitanium/v3/certs",
  "check_session_iframe": "https://{tenantId}.{hostname}/digitanium/v3/login-status-iframe.html",
  "grant_types_supported": [
    "authorization_code",
    "implicit",
    "refresh_token",
    "password",
    "client_credentials"
  ],
  "response_types_supported": [
    "code",
    "none",
    "id_token",
    "token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "subject_types_supported": [
    "public",
    "pairwise"
  ],
  "id_token_signing_alg_values_supported": [
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "RS512"
  ],
  "userinfo_signing_alg_values_supported": [
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "RS512",
    "none"
  ],
  "request_object_signing_alg_values_supported": [
    "ES384",
    "RS384",
    "ES256",
    "RS256",
    "ES512",
    "RS512",
    "none"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post"
  ],
  "registration_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/clients-registrations/openid-connect",
  "token_endpoint_auth_methods_supported": [
    "private_key_jwt",
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256"
  ],
  "claims_supported": [
    "aud",
    "sub",
    "iss",
    "auth_time",
    "name",
    "given_name",
    "family_name",
    "preferred_username",
    "email"
  ],
  "claim_types_supported": [
    "normal"
  ],
  "claims_parameter_supported": false,
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "offline_access",
    "phone",
    "roles",
    "web-origins"
  ],
  "request_parameter_supported": true,
  "request_uri_parameter_supported": true,
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "tls_client_certificate_bound_access_tokens": true,
  "introspection_endpoint": "https://{tenantId}.{hostname}/digitanium/v3/token/introspect"
}
```

Response Elements

| Element | Description |
| --- | --- |
| issuer | The base URL of the mID OpenID Connect server. |
| authorization_endpoint | The OpenID Provider server endpoint where the user is asked to authenticate and grant the client app access to the user’s identity (ID token) and potentially other requested details, such as email and name (called UserInfo claims). This URL plus client ID, redirect URI, response type, etc., makes up the Request URI. |
| token_endpoint | The token endpoint authenticates the client app, then lets it exchange the code received from the authorization endpoint for an ID token and access token. |
| token_introspection_endpoint | The token introspection endpoint enables the client to validate the JWT access token. |
| userinfo_endpoint | The userinfo endpoint returns previously consented user profile information to the client app. |
| end_session_endpoint | wip |
| jwks_uri | The URI of the JWK set that contains the public keys used to verify the authenticity of the JWT tokens passed between mID and the client app. |
| check_session_iframe | wip |
| grant_types_supported | The OAuth 2.0 grant types supported by mID. |
| response_types_supported | An array containing a list of the OAuth 2.0 response_type values that this OP supports. |
| subject_types_supported | An array containing a list of the Subject Identifier types that this OP supports. |
| id_token_signing_alg_values_supported | An array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT. |
| userinfo_signing_alg_values_supported | An array containing a list of the JWS signing algorithms (alg values) supported by the UserInfo Endpoint to encode the Claims in a JWT. |
| request_object_signing_alg_values_supported | An array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects. |
| response_modes_supported | An array containing a list of the OAuth 2.0 response_mode values that this OP supports. |
| registration_endpoint | The Registration Endpoint is an OAuth 2.0 Protected Resource through which a new Client registration can be requested. The OpenID Provider may require an Initial Access Token that is provisioned to restrict registration requests to only authorized Clients or developers. |
| token_endpoint_auth_methods_supported | An array containing a list of Client Authentication methods supported by this Token Endpoint. |
| token_endpoint_auth_signing_alg_values_supported | An array containing a list of the JWS signing algorithms (alg values) supported by the Token Endpoint for the signature on the JWT used to authenticate the Client at the Token Endpoint. |
| claims | Each scope returns a set of user attributes, which are called claims. |
| claims_supported | An array containing a list of the Claim Names of the Claims that the OpenID Provider may be able to supply values for. |
| claim_types_supported | An array containing a list of the Claim Types that the OpenID Provider supports. |
| claims_parameter_supported | Boolean value specifying whether the OP supports use of the claims parameter. True indicates support. If omitted, the default value is false. |
| scopes | OpenID Connect scopes are used by an application during authentication to authorize access to a user's details, like name and picture. |
| scopes_supported | An array containing a list of the OAuth 2.0 scope values that this server supports. |
| request_parameter_supported | Boolean value specifying whether the OP supports use of the request parameter. True indicates support. If omitted, the default value is false. |
| request_uri_parameter_supported | Boolean value specifying whether the OP supports use of the request_uri parameter. True indicates support. If omitted, the default value is true. |
| code_challenge_methods_supported | wip |
| tls_client_certificate_bound_access_tokens | wip |
| introspection_endpoint | The token introspection endpoint enables the client to validate the JWT access token. |
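
A client-side check of a fetched discovery document, as an added example that is not part of the mID documentation: it pins the issuer, requires HTTPS endpoints on the issuer's host, and selects options from an allow-list rather than from everything the provider advertises (the sample response also lists `none`, `plain`, and the implicit and password grants). The tenant `acme`, host `mid.example`, the function name `check_discovery` and the allow-list are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a subset of the Sample Response above with the
# placeholders filled in with made-up values (tenant "acme", host "mid.example").
SAMPLE = json.loads("""{
  "issuer": "https://acme.mid.example/auth/realms/acme",
  "authorization_endpoint": "https://acme.mid.example/digitanium/v3/auth",
  "token_endpoint": "https://acme.mid.example/digitanium/v3/login",
  "jwks_uri": "https://acme.mid.example/digitanium/v3/certs",
  "grant_types_supported": ["authorization_code", "implicit", "password"],
  "id_token_signing_alg_values_supported": ["ES384", "HS256", "RS256"],
  "userinfo_signing_alg_values_supported": ["RS256", "none"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

ASYMMETRIC = {"RS256", "RS384", "RS512", "ES256", "ES384", "ES512"}  # client policy
URL_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_discovery(doc, expected_issuer):
    """Return (errors, client_settings) for a fetched discovery document."""
    errors = []
    if doc.get("issuer") != expected_issuer:
        errors.append("issuer mismatch")
    issuer_host = urlsplit(expected_issuer).hostname
    for key in URL_KEYS:
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            errors.append(f"{key}: not https")
        elif url.hostname != issuer_host:  # policy assumption: same host as issuer
            errors.append(f"{key}: unexpected host {url.hostname}")
    # Advertised is not the same as acceptable: choose from an allow-list
    # instead of taking whatever the provider lists first.
    algs = sorted(ASYMMETRIC & set(doc.get("id_token_signing_alg_values_supported", [])))
    if not algs:
        errors.append("no acceptable id_token signing algorithm")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        errors.append("PKCE S256 not supported")
    if "authorization_code" not in doc.get("grant_types_supported", []):
        errors.append("authorization_code grant not supported")
    settings = {"grant_type": "authorization_code", "code_challenge_method": "S256",
                "id_token_algs": algs}
    return errors, settings


if __name__ == "__main__":
    print(check_discovery(SAMPLE, "https://acme.mid.example/auth/realms/acme"))
```

The `id_token_algs` list is what the client should pass to its JWT library as the accepted algorithms when verifying ID tokens against the keys from `jwks_uri`.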