keycloak-scim/docs/documentation/server_admin/topics/sso-protocols/con-server-oidc-uri-endpoints.adoc
Alexander Schwartz 4dcb819c06 Moving docs to new folder
CIAM-5056
2023-03-20 09:07:58 +01:00

39 lines
2 KiB
Text

[id="con-server-oidc-uri-endpoints_{context}"]
==== {project_name} server OIDC URI endpoints
[role="_abstract"]
The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and optionally the path: For example
[source, subs="attributes"]
----
https://localhost:8080{kc_base_path}
----
/realms/{realm-name}/protocol/openid-connect/auth::
Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.
/realms/{realm-name}/protocol/openid-connect/token::
Used by the Authorization Code Flow to convert a temporary code into a token.
/realms/{realm-name}/protocol/openid-connect/logout::
Used for performing logouts.
/realms/{realm-name}/protocol/openid-connect/userinfo::
Used for the User Info service described in the OIDC specification.
/realms/{realm-name}/protocol/openid-connect/revoke::
Used for OAuth 2.0 Token Revocation described in https://datatracker.ietf.org/doc/html/rfc7009[RFC7009].
/realms/{realm-name}/protocol/openid-connect/certs::
Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (jwks_uri)
/realms/{realm-name}/protocol/openid-connect/auth/device::
Used for Device Authorization Grant to obtain a device code and a user code.
/realms/{realm-name}/protocol/openid-connect/ext/ciba/auth::
This is the URL endpoint for Client Initiated Backchannel Authentication Grant to obtain an auth_req_id that identifies the authentication request made by the client.
/realms/{realm-name}/protocol/openid-connect/logout/backchannel-logout::
This is the URL endpoint for performing backchannel logouts described in the OIDC specification.
In all of these, replace {realm-name} with the name of the realm.