keycloak-scim/server_admin/topics/sso-protocols/con-server-oidc-uri-endpoints.adoc

[id="con-server-oidc-uri-endpoints_{context}"]

====  {project_name} server OIDC URI endpoints
[role="_abstract"]
The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and optionally the path:  For example

[source, subs="attributes"]
----
https://localhost:8080{kc_base_path}
----

/realms/{realm-name}/protocol/openid-connect/auth::
  Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.

/realms/{realm-name}/protocol/openid-connect/token::
  Used by the Authorization Code Flow to convert a temporary code into a token.

/realms/{realm-name}/protocol/openid-connect/logout::
  Used for performing logouts.

/realms/{realm-name}/protocol/openid-connect/userinfo::
  Used for the User Info service described in the OIDC specification.

/realms/{realm-name}/protocol/openid-connect/revoke::
  Used for OAuth 2.0 Token Revocation described in https://datatracker.ietf.org/doc/html/rfc7009[RFC7009].

/realms/{realm-name}/protocol/openid-connect/certs::
  Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (jwks_uri)

/realms/{realm-name}/protocol/openid-connect/auth/device::
  Used for Device Authorization Grant to obtain a device code and a user code.

/realms/{realm-name}/protocol/openid-connect/ext/ciba/auth::
  This is the URL endpoint for Client Initiated Backchannel Authentication Grant to obtain an auth_req_id that identifies the authentication request made by the client.

/realms/{realm-name}/protocol/openid-connect/logout/backchannel-logout::
  This is the URL endpoint for performing backchannel logouts described in the OIDC specification.

In all of these, replace {realm-name} with the name of the realm.
KEYCLOAK-16234 initial commit (#41) * Fix Users TOC * KEYCLOAK-16234 initial commit * Modularization * messing * removes duplicate module calls * Post feedback changes Co-authored-by: Andy Munro <amunro@redhat.com> 2020-12-16 17:20:41 +00:00			`[id="con-server-oidc-uri-endpoints_{context}"]`

admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`==== {project_name} server OIDC URI endpoints`
KEYCLOAK-16234 initial commit (#41) * Fix Users TOC * KEYCLOAK-16234 initial commit * Modularization * messing * removes duplicate module calls * Post feedback changes Co-authored-by: Andy Munro <amunro@redhat.com> 2020-12-16 17:20:41 +00:00			`[role="_abstract"]`
Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and optionally the path: For example`
KEYCLOAK-16234 initial commit (#41) * Fix Users TOC * KEYCLOAK-16234 initial commit * Modularization * messing * removes duplicate module calls * Post feedback changes Co-authored-by: Andy Munro <amunro@redhat.com> 2020-12-16 17:20:41 +00:00
			`[source, subs="attributes"]`
			`----`
Update documentation for Quarkus distribution (#1385) 2022-02-08 13:07:16 +00:00			`https://localhost:8080{kc_base_path}`
KEYCLOAK-16234 initial commit (#41) * Fix Users TOC * KEYCLOAK-16234 initial commit * Modularization * messing * removes duplicate module calls * Post feedback changes Co-authored-by: Andy Munro <amunro@redhat.com> 2020-12-16 17:20:41 +00:00			`----`

			`/realms/{realm-name}/protocol/openid-connect/auth::`
			`Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.`

			`/realms/{realm-name}/protocol/openid-connect/token::`
			`Used by the Authorization Code Flow to convert a temporary code into a token.`

			`/realms/{realm-name}/protocol/openid-connect/logout::`
			`Used for performing logouts.`

			`/realms/{realm-name}/protocol/openid-connect/userinfo::`
			`Used for the User Info service described in the OIDC specification.`

			`/realms/{realm-name}/protocol/openid-connect/revoke::`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00			`Used for OAuth 2.0 Token Revocation described in https://datatracker.ietf.org/doc/html/rfc7009[RFC7009].`
integrated latest changes into new files 2021-03-31 20:22:59 +00:00
			`/realms/{realm-name}/protocol/openid-connect/certs::`
			`Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (jwks_uri)`
admin-reuse -- Found one more Data Grid link to fix based on a separate PR. 2021-06-17 14:39:30 +00:00
integrated latest changes into new files 2021-03-31 20:22:59 +00:00			`/realms/{realm-name}/protocol/openid-connect/auth/device::`
			`Used for Device Authorization Grant to obtain a device code and a user code.`

Reinstate missing endpoints auth and backchannel-logout descriptions were missing Closes #1468 2022-04-14 00:37:15 +00:00			`/realms/{realm-name}/protocol/openid-connect/ext/ciba/auth::`
			`This is the URL endpoint for Client Initiated Backchannel Authentication Grant to obtain an auth_req_id that identifies the authentication request made by the client.`

			`/realms/{realm-name}/protocol/openid-connect/logout/backchannel-logout::`
			`This is the URL endpoint for performing backchannel logouts described in the OIDC specification.`

integrated latest changes into new files 2021-03-31 20:22:59 +00:00			`In all of these, replace {realm-name} with the name of the realm.`