OpenID 디스커버리 엔드포인트 /.well-known/openid-configuration

1 개요

OpenID Discovery Endpoint, OpenID Connect Discovery, OIDC Discovery, OpenID Provider Configuration, OpenID Provider Configuration Document
오픈ID 디스커버리 엔드포인트, OIDC 디스커버리
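/.well-known/openid-configuration

OpenID 제공자(OP)가 자신의 엔드포인트와 지원 기능을 JSON 메타데이터로 공개하는 경로이다. 클라이언트(RP)는 이 문서를 TLS(https)로 가져오고, 응답의 issuer 값이 조회에 사용한 발급자 URL과 정확히 일치하는지 확인한 뒤에 사용해야 한다.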

 

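2 구글

아래 응답의 code_challenge_methods_supported에는 plain도 들어 있지만, S256을 쓸 수 있는 PKCE 클라이언트는 S256을 사용해야 한다(RFC 7636).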

root@localhost:~# curl https://accounts.google.com/.well-known/openid-configuration
{
 "issuer": "https://accounts.google.com",
 "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
 "token_endpoint": "https://oauth2.googleapis.com/token",
 "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
 "revocation_endpoint": "https://oauth2.googleapis.com/revoke",
 "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
 "response_types_supported": [
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "token id_token",
  "code token id_token",
  "none"
 ],
 "subject_types_supported": [
  "public"
 ],
 "id_token_signing_alg_values_supported": [
  "RS256"
 ],
 "scopes_supported": [
  "openid",
  "email",
  "profile"
 ],
 "token_endpoint_auth_methods_supported": [
  "client_secret_post",
  "client_secret_basic"
 ],
 "claims_supported": [
  "aud",
  "email",
  "email_verified",
  "exp",
  "family_name",
  "given_name",
  "iat",
  "iss",
  "locale",
  "name",
  "picture",
  "sub"
 ],
 "code_challenge_methods_supported": [
  "plain",
  "S256"
 ]
}

3 Okta

아래 URL에는 ?가 들어 있으므로 셸에서 실행할 때는 URL을 따옴표로 감싸는 것이 안전하다. client_id는 비밀 값이 아닌 공개 식별자이다.

root@localhost:~# curl -s https://dev-913570.okta.com/.well-known/openid-configuration?client_id=0oq2suwy4aceTgikV681 | jq
{
  "issuer": "https://dev-913570.okta.com",
  "authorization_endpoint": "https://dev-913570.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://dev-913570.okta.com/oauth2/v1/token",
  "userinfo_endpoint": "https://dev-913570.okta.com/oauth2/v1/userinfo",
  "registration_endpoint": "https://dev-913570.okta.com/oauth2/v1/clients/0oq2suwy4aceTgikV681",
  "jwks_uri": "https://dev-913570.okta.com/oauth2/v1/keys?client_id=0oq2suwy4aceTgikV681",
  "response_types_supported": [
    "code"
  ],
  "response_modes_supported": [
    "query",
    "fragment",
    "form_post",
    "okta_post_message"
  ],
  "grant_types_supported": [
    "authorization_code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "profile",
    "address",
    "phone"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "claims_supported": [
    "iss",
    "ver",
    "sub",
    "aud",
    "iat",
    "exp",
    "jti",
    "auth_time",
    "amr",
    "idp",
    "nonce",
    "name",
    "nickname",
    "preferred_username",
    "given_name",
    "middle_name",
    "family_name",
    "email",
    "email_verified",
    "profile",
    "zoneinfo",
    "locale",
    "address",
    "phone_number",
    "picture",
    "website",
    "gender",
    "birthdate",
    "updated_at",
    "at_hash",
    "c_hash"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "introspection_endpoint": "https://dev-913570.okta.com/oauth2/v1/introspect",
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "revocation_endpoint": "https://dev-913570.okta.com/oauth2/v1/revoke",
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "end_session_endpoint": "https://dev-913570.okta.com/oauth2/v1/logout",
  "request_parameter_supported": true,
  "request_object_signing_alg_values_supported": [
    "HS256",
    "HS384",
    "HS512"
  ]
}

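4 dex

이 예는 조회한 주소(dex:32000)와 응답의 issuer(http://dex.io:8080)가 다르고 https가 아닌 http를 사용한다. 규격을 따르는 클라이언트는 issuer 불일치를 거부하므로 로컬 테스트용 구성으로 보이며, 운영 환경에서는 issuer를 실제 접근 주소와 일치하는 https URL로 설정해야 한다.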

$ curl dex:32000/.well-known/openid-configuration
{
  "issuer": "http://dex.io:8080",
  "authorization_endpoint": "http://dex.io:8080/auth",
  "token_endpoint": "http://dex.io:8080/token",
  "jwks_uri": "http://dex.io:8080/keys",
  "userinfo_endpoint": "http://dex.io:8080/userinfo",
  "response_types_supported": [
    "code"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "groups",
    "profile",
    "offline_access"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic"
  ],
  "claims_supported": [
    "aud",
    "email",
    "email_verified",
    "exp",
    "iat",
    "iss",
    "locale",
    "name",
    "sub"
  ]
}

5 같이 보기

6 참고
