keycloak-scim/server_admin/topics/sso-protocols/con-server-oidc-uri-endpoints.adoc
2021-09-21 08:58:46 +02:00

33 lines
1.6 KiB
Text

[id="con-server-oidc-uri-endpoints_{context}"]
==== {project_name} Server OIDC URI Endpoints
[role="_abstract"]
The following is a list of OIDC endpoints that {project_name} publishes. These endpoints can be used when a non-{project_name} client adapter uses OIDC to communicate with the authentication server. They are all relative URLs. The root of the URL consists of the HTTP(S) protocol, hostname, and the path, which is usually prefixed with _/auth_: For example
[source, subs="attributes"]
----
https://localhost:8080/auth
----
/realms/{realm-name}/protocol/openid-connect/auth::
Used for obtaining a temporary code in the Authorization Code Flow or obtaining tokens using the Implicit Flow, Direct Grants, or Client Grants.
/realms/{realm-name}/protocol/openid-connect/token::
Used by the Authorization Code Flow to convert a temporary code into a token.
/realms/{realm-name}/protocol/openid-connect/logout::
Used for performing logouts.
/realms/{realm-name}/protocol/openid-connect/userinfo::
Used for the User Info service described in the OIDC specification.
/realms/{realm-name}/protocol/openid-connect/revoke::
Used for OAuth 2.0 Token Revocation described in https://tools.ietf.org/html/rfc7009[RFC7009].
/realms/{realm-name}/protocol/openid-connect/certs::
Used for the JSON Web Key Set (JWKS) containing the public keys used to verify any JSON Web Token (jwks_uri)
/realms/{realm-name}/protocol/openid-connect/auth/device::
Used for Device Authorization Grant to obtain a device code and a user code.
In all of these, replace {realm-name} with the name of the realm.