Interface: OpenIdConfiguration

Properties

issuer

readonly issuer: string

Authorization server's Issuer Identifier URL.

authorization_endpoint?

readonly optional authorization_endpoint: string

URL of the authorization server's authorization endpoint.

token_endpoint?

readonly optional token_endpoint: string

URL of the authorization server's token endpoint.

jwks_uri?

readonly optional jwks_uri: string

URL of the authorization server's JWK Set document.

registration_endpoint?

readonly optional registration_endpoint: string

URL of the authorization server's Dynamic Client Registration Endpoint.

scopes_supported?

readonly optional scopes_supported: string[]

JSON array containing a list of the scope values that this authorization server supports.

response_types_supported?

readonly optional response_types_supported: string[]

JSON array containing a list of the response_type values that this authorization server supports.

response_modes_supported?

readonly optional response_modes_supported: string[]

JSON array containing a list of the response_mode values that this authorization server supports.

grant_types_supported?

readonly optional grant_types_supported: string[]

JSON array containing a list of the grant_type values that this authorization server supports.

token_endpoint_auth_methods_supported?

readonly optional token_endpoint_auth_methods_supported: string[]

JSON array containing a list of client authentication methods supported by this token endpoint.

token_endpoint_auth_signing_alg_values_supported?

readonly optional token_endpoint_auth_signing_alg_values_supported: string[]

JSON array containing a list of the JWS signing algorithms supported by the token endpoint for the signature on the JWT used to authenticate the client at the token endpoint.

service_documentation?

readonly optional service_documentation: string

URL of a page containing human-readable information that developers might want or need to know when using the authorization server.

ui_locales_supported?

readonly optional ui_locales_supported: string[]

Languages and scripts supported for the user interface, represented as a JSON array of language tag values from RFC 5646.

op_policy_uri?

readonly optional op_policy_uri: string

URL that the authorization server provides to the person registering the client to read about the authorization server's requirements on how the client can use the data provided by the authorization server.

op_tos_uri?

readonly optional op_tos_uri: string

URL that the authorization server provides to the person registering the client to read about the authorization server's terms of service.

revocation_endpoint?

readonly optional revocation_endpoint: string

URL of the authorization server's revocation endpoint.

revocation_endpoint_auth_methods_supported?

readonly optional revocation_endpoint_auth_methods_supported: string[]

JSON array containing a list of client authentication methods supported by this revocation endpoint.

revocation_endpoint_auth_signing_alg_values_supported?

readonly optional revocation_endpoint_auth_signing_alg_values_supported: string[]

JSON array containing a list of the JWS signing algorithms supported by the revocation endpoint for the signature on the JWT used to authenticate the client at the revocation endpoint.

introspection_endpoint?

readonly optional introspection_endpoint: string

URL of the authorization server's introspection endpoint.

introspection_endpoint_auth_methods_supported?

readonly optional introspection_endpoint_auth_methods_supported: string[]

JSON array containing a list of client authentication methods supported by this introspection endpoint.

introspection_endpoint_auth_signing_alg_values_supported?

readonly optional introspection_endpoint_auth_signing_alg_values_supported: string[]

JSON array containing a list of the JWS signing algorithms supported by the introspection endpoint for the signature on the JWT used to authenticate the client at the introspection endpoint.

code_challenge_methods_supported?

readonly optional code_challenge_methods_supported: string[]

PKCE code challenge methods supported by this authorization server.

signed_metadata?

readonly optional signed_metadata: string

Signed JWT containing metadata values about the authorization server as claims.

device_authorization_endpoint?

readonly optional device_authorization_endpoint: string

URL of the authorization server's device authorization endpoint.

tls_client_certificate_bound_access_tokens?

readonly optional tls_client_certificate_bound_access_tokens: boolean

Indicates authorization server support for mutual-TLS client certificate-bound access tokens.

userinfo_endpoint?

readonly optional userinfo_endpoint: string

URL of the authorization server's UserInfo Endpoint.

acr_values_supported?

readonly optional acr_values_supported: string[]

JSON array containing a list of the Authentication Context Class References that this authorization server supports.

subject_types_supported?

readonly optional subject_types_supported: string[]

JSON array containing a list of the Subject Identifier types that this authorization server supports.

id_token_signing_alg_values_supported?

readonly optional id_token_signing_alg_values_supported: string[]

JSON array containing a list of the JWS alg values supported by the authorization server for the ID Token.

id_token_encryption_alg_values_supported?

readonly optional id_token_encryption_alg_values_supported: string[]

JSON array containing a list of the JWE alg values supported by the authorization server for the ID Token.

id_token_encryption_enc_values_supported?

readonly optional id_token_encryption_enc_values_supported: string[]

JSON array containing a list of the JWE enc values supported by the authorization server for the ID Token.

userinfo_signing_alg_values_supported?

readonly optional userinfo_signing_alg_values_supported: string[]

JSON array containing a list of the JWS alg values supported by the UserInfo Endpoint.

userinfo_encryption_alg_values_supported?

readonly optional userinfo_encryption_alg_values_supported: string[]

JSON array containing a list of the JWE alg values supported by the UserInfo Endpoint.

userinfo_encryption_enc_values_supported?

readonly optional userinfo_encryption_enc_values_supported: string[]

JSON array containing a list of the JWE enc values supported by the UserInfo Endpoint.

request_object_signing_alg_values_supported?

readonly optional request_object_signing_alg_values_supported: string[]

JSON array containing a list of the JWS alg values supported by the authorization server for Request Objects.

request_object_encryption_alg_values_supported?

readonly optional request_object_encryption_alg_values_supported: string[]

JSON array containing a list of the JWE alg values supported by the authorization server for Request Objects.

request_object_encryption_enc_values_supported?

readonly optional request_object_encryption_enc_values_supported: string[]

JSON array containing a list of the JWE enc values supported by the authorization server for Request Objects.

display_values_supported?

readonly optional display_values_supported: string[]

JSON array containing a list of the display parameter values that the authorization server supports.

claim_types_supported?

readonly optional claim_types_supported: string[]

JSON array containing a list of the Claim Types that the authorization server supports.

claims_supported?

readonly optional claims_supported: string[]

JSON array containing a list of the Claim Names of the Claims that the authorization server MAY be able to supply values for.

claims_locales_supported?

readonly optional claims_locales_supported: string[]

Languages and scripts supported for values in Claims being returned, represented as a JSON array of RFC 5646 language tag values.

claims_parameter_supported?

readonly optional claims_parameter_supported: boolean

Boolean value specifying whether the authorization server supports use of the claims parameter.

request_parameter_supported?

readonly optional request_parameter_supported: boolean

Boolean value specifying whether the authorization server supports use of the request parameter.

request_uri_parameter_supported?

readonly optional request_uri_parameter_supported: boolean

Boolean value specifying whether the authorization server supports use of the request_uri parameter.

require_request_uri_registration?

readonly optional require_request_uri_registration: boolean

Boolean value specifying whether the authorization server requires any request_uri values used to be pre-registered.

require_signed_request_object?

readonly optional require_signed_request_object: boolean

Indicates where authorization request needs to be protected as Request Object and provided through either request or request_uri parameter.

pushed_authorization_request_endpoint?

readonly optional pushed_authorization_request_endpoint: string

URL of the authorization server's pushed authorization request endpoint.

require_pushed_authorization_requests?

readonly optional require_pushed_authorization_requests: boolean

Indicates whether the authorization server accepts authorization requests only via PAR.

introspection_signing_alg_values_supported?

readonly optional introspection_signing_alg_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response signing.

introspection_encryption_alg_values_supported?

readonly optional introspection_encryption_alg_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response content key encryption (alg value).

introspection_encryption_enc_values_supported?

readonly optional introspection_encryption_enc_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response content encryption (enc value).

authorization_response_iss_parameter_supported?

readonly optional authorization_response_iss_parameter_supported: boolean

Boolean value indicating whether the authorization server provides the iss parameter in the authorization response.

authorization_signing_alg_values_supported?

readonly optional authorization_signing_alg_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response signing.

authorization_encryption_alg_values_supported?

readonly optional authorization_encryption_alg_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response encryption (alg value).

authorization_encryption_enc_values_supported?

readonly optional authorization_encryption_enc_values_supported: string[]

JSON array containing a list of algorithms supported by the authorization server for introspection response encryption (enc value).

backchannel_authentication_endpoint?

readonly optional backchannel_authentication_endpoint: string

CIBA Backchannel Authentication Endpoint.

backchannel_authentication_request_signing_alg_values_supported?

readonly optional backchannel_authentication_request_signing_alg_values_supported: string[]

JSON array containing a list of the JWS signing algorithms supported for validation of signed CIBA authentication requests.

backchannel_token_delivery_modes_supported?

readonly optional backchannel_token_delivery_modes_supported: string[]

Supported CIBA authentication result delivery modes.

backchannel_user_code_parameter_supported?

readonly optional backchannel_user_code_parameter_supported: boolean

Indicates whether the authorization server supports the use of the CIBA user_code parameter.

check_session_iframe?

readonly optional check_session_iframe: string

URL of an authorization server iframe that supports cross-origin communications for session state information with the RP Client, using the HTML5 postMessage API.

dpop_signing_alg_values_supported?

readonly optional dpop_signing_alg_values_supported: string[]

JSON array containing a list of the JWS algorithms supported for DPoP proof JWTs.

end_session_endpoint?

readonly optional end_session_endpoint: string

URL at the authorization server to which an RP can perform a redirect to request that the End-User be logged out at the authorization server.

frontchannel_logout_session_supported?

readonly optional frontchannel_logout_session_supported: boolean

Boolean value specifying whether the authorization server can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the authorization server when the frontchannel_logout_uri is used.

frontchannel_logout_supported?

readonly optional frontchannel_logout_supported: boolean

Boolean value specifying whether the authorization server supports HTTP-based logout.

backchannel_logout_session_supported?

readonly optional backchannel_logout_session_supported: boolean

Boolean value specifying whether the authorization server can pass a sid (session ID) Claim in the Logout Token to identify the RP session with the OP.

backchannel_logout_supported?

readonly optional backchannel_logout_supported: boolean

Boolean value specifying whether the authorization server supports back-channel logout.

Properties​

issuer​

authorization_endpoint?​

token_endpoint?​

jwks_uri?​

registration_endpoint?​

scopes_supported?​

response_types_supported?​

response_modes_supported?​

grant_types_supported?​

token_endpoint_auth_methods_supported?​

token_endpoint_auth_signing_alg_values_supported?​

service_documentation?​

ui_locales_supported?​

op_policy_uri?​

op_tos_uri?​

revocation_endpoint?​

revocation_endpoint_auth_methods_supported?​

revocation_endpoint_auth_signing_alg_values_supported?​

introspection_endpoint?​

introspection_endpoint_auth_methods_supported?​

introspection_endpoint_auth_signing_alg_values_supported?​

code_challenge_methods_supported?​

signed_metadata?​

device_authorization_endpoint?​

tls_client_certificate_bound_access_tokens?​

userinfo_endpoint?​

acr_values_supported?​

subject_types_supported?​

id_token_signing_alg_values_supported?​

id_token_encryption_alg_values_supported?​

id_token_encryption_enc_values_supported?​

userinfo_signing_alg_values_supported?​

userinfo_encryption_alg_values_supported?​

userinfo_encryption_enc_values_supported?​

request_object_signing_alg_values_supported?​

request_object_encryption_alg_values_supported?​

request_object_encryption_enc_values_supported?​

display_values_supported?​

claim_types_supported?​

claims_supported?​

claims_locales_supported?​

claims_parameter_supported?​

request_parameter_supported?​

request_uri_parameter_supported?​

require_request_uri_registration?​

require_signed_request_object?​

pushed_authorization_request_endpoint?​

require_pushed_authorization_requests?​

introspection_signing_alg_values_supported?​

introspection_encryption_alg_values_supported?​

introspection_encryption_enc_values_supported?​

authorization_response_iss_parameter_supported?​

authorization_signing_alg_values_supported?​

authorization_encryption_alg_values_supported?​

authorization_encryption_enc_values_supported?​

backchannel_authentication_endpoint?​

backchannel_authentication_request_signing_alg_values_supported?​

backchannel_token_delivery_modes_supported?​

backchannel_user_code_parameter_supported?​

check_session_iframe?​

dpop_signing_alg_values_supported?​

end_session_endpoint?​

frontchannel_logout_session_supported?​

frontchannel_logout_supported?​

backchannel_logout_session_supported?​

backchannel_logout_supported?​