[id="con-server-oidc-uri-endpoints_{context}"]

====  {project_name} server OIDC URI endpoints
[role="_abstract"]
The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and optionally the path:  For example

[source, subs="attributes"]
----
https://localhost:8080{kc_base_path}
----

/realms/{realm-name}/protocol/openid-connect/auth::
  Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.

/realms/{realm-name}/protocol/openid-connect/token::
  Used by the Authorization Code Flow to convert a temporary code into a token.

/realms/{realm-name}/protocol/openid-connect/logout::
  Used for performing logouts.

/realms/{realm-name}/protocol/openid-connect/userinfo::
  Used for the User Info service described in the OIDC specification.

/realms/{realm-name}/protocol/openid-connect/revoke::
  Used for OAuth 2.0 Token Revocation described in https://datatracker.ietf.org/doc/html/rfc7009[RFC7009].

/realms/{realm-name}/protocol/openid-connect/certs::
  Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (jwks_uri)

/realms/{realm-name}/protocol/openid-connect/auth/device::
  Used for Device Authorization Grant to obtain a device code and a user code.

/realms/{realm-name}/protocol/openid-connect/ext/ciba/auth::
  This is the URL endpoint for Client Initiated Backchannel Authentication Grant to obtain an auth_req_id that identifies the authentication request made by the client.

/realms/{realm-name}/protocol/openid-connect/logout/backchannel-logout::
  This is the URL endpoint for performing backchannel logouts described in the OIDC specification.

In all of these, replace {realm-name} with the name of the realm.