keycloak-scim/server_admin/topics/sso-protocols/con-server-oidc-uri-endpoints.adoc
AndyMunro 7047d6f340 Reinstate missing endpoints
auth and backchannel-logout descriptions were missing

Closes #1468
2022-05-04 14:15:29 +02:00


[id="con-server-oidc-uri-endpoints_{context}"]
==== {project_name} server OIDC URI endpoints
[role="_abstract"]
The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and optionally the path. For example:

[source, subs="attributes"]
----
https://localhost:8080{kc_base_path}
----
/realms/{realm-name}/protocol/openid-connect/auth::
Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.
/realms/{realm-name}/protocol/openid-connect/token::
Used by the Authorization Code Flow to convert a temporary code into a token.
/realms/{realm-name}/protocol/openid-connect/logout::
Used for performing logouts.
/realms/{realm-name}/protocol/openid-connect/userinfo::
Used for the User Info service described in the OIDC specification.
/realms/{realm-name}/protocol/openid-connect/revoke::
Used for OAuth 2.0 Token Revocation described in https://datatracker.ietf.org/doc/html/rfc7009[RFC7009].
/realms/{realm-name}/protocol/openid-connect/certs::
Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (`jwks_uri`).
/realms/{realm-name}/protocol/openid-connect/auth/device::
Used for Device Authorization Grant to obtain a device code and a user code.
/realms/{realm-name}/protocol/openid-connect/ext/ciba/auth::
This is the URL endpoint for Client Initiated Backchannel Authentication Grant to obtain an auth_req_id that identifies the authentication request made by the client.
/realms/{realm-name}/protocol/openid-connect/logout/backchannel-logout::
This is the URL endpoint for performing backchannel logouts described in the OIDC specification.

In all of these, replace {realm-name} with the name of the realm.
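
The following is an added example, not part of the {project_name} documentation or code: a client-side check that builds the absolute URLs from the root and realm name as described above and flags any configured or discovered endpoint that does not match. The mapping from standard discovery metadata names to the paths on this page, the realm name `demo`, and the sample metadata are assumptions made for illustration.

```python
from urllib.parse import quote, urlsplit

PREFIX = "/realms/{realm}/protocol/openid-connect"
# Relative paths as listed on this page. The metadata key paired with each
# path is an assumption of this example, not something the page states.
ENDPOINT_PATHS = {
    "authorization_endpoint": PREFIX + "/auth",
    "token_endpoint": PREFIX + "/token",
    "end_session_endpoint": PREFIX + "/logout",
    "userinfo_endpoint": PREFIX + "/userinfo",
    "revocation_endpoint": PREFIX + "/revoke",
    "jwks_uri": PREFIX + "/certs",
    "device_authorization_endpoint": PREFIX + "/auth/device",
    "backchannel_authentication_endpoint": PREFIX + "/ext/ciba/auth",
}


def expected_endpoints(root, realm):
    """Build absolute URLs from the root (protocol, host, optional path) and realm."""
    parts = urlsplit(root)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError("root must be an https URL without query or fragment")
    realm_segment = quote(realm, safe="")  # the realm is exactly one path segment
    base = root.rstrip("/")
    return {k: base + p.format(realm=realm_segment) for k, p in ENDPOINT_PATHS.items()}


def audit_metadata(root, realm, metadata):
    """Return (key, problem) pairs for entries that differ from the expected URL."""
    findings = []
    for key, want in expected_endpoints(root, realm).items():
        got = metadata.get(key)
        if got is None:
            findings.append((key, "missing"))
        elif got != want:  # exact match: no prefix or substring comparison
            findings.append((key, f"expected {want}, got {got}"))
    return findings


# Constructed sample: one endpoint on another host, one in another realm, one absent.
SAMPLE = expected_endpoints("https://localhost:8080", "demo")
SAMPLE["token_endpoint"] = "https://localhost.example.net/realms/demo/protocol/openid-connect/token"
SAMPLE["jwks_uri"] = "https://localhost:8080/realms/other/protocol/openid-connect/certs"
del SAMPLE["revocation_endpoint"]

if __name__ == "__main__":
    for key, problem in audit_metadata("https://localhost:8080", "demo", SAMPLE):
        print(f"{key}: {problem}")
```

Comparing whole URLs rather than prefixes matters here, because a look-alike host or a different realm still ends in a valid endpoint path.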