OIDC website screenshot

OIDC

OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that enables clients to verify the identity of end-users based on authentication performed by an authorization server. It provides a standardized way to obtain basic profile information about users through RESTful endpoints including discovery, authorization, token, userinfo, and JWKS.

1 APIs 0 Features
AuthenticationIdentityJWTOAuthOIDCOpenID Connect

APIs

OpenID Connect API

Core OpenID Connect API endpoints for authentication and identity, including discovery, authorization, token exchange, and user information.

Collections

Pricing Plans

Oidc Plans Pricing

3 plans

PLANS

Rate Limits

Oidc Rate Limits

5 limits

RATE LIMITS

FinOps

Oidc Finops

FINOPS

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🔗
Reference
Reference

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: OpenID Connect API
  version: '1.0'
items:
- info:
    name: Discovery
    type: folder
  items:
  - info:
      name: OpenID Connect Discovery
      type: http
    http:
      method: GET
      url: https://{issuer}/.well-known/openid-configuration
    docs: Returns the OpenID Provider Configuration Information document, which contains metadata about the OpenID Provider
      including its issuer, supported endpoints, scopes, response types, and other capabilities.
- info:
    name: Authentication
    type: folder
  items:
  - info:
      name: Authorization Endpoint
      type: http
    http:
      method: GET
      url: https://{issuer}/authorize
      params:
      - name: response_type
        value: ''
        type: query
        description: The value must include 'code' for the Authorization Code Flow, 'id_token' for the Implicit Flow, or 'code
          id_token' for the Hybrid Flow.
      - name: client_id
        value: ''
        type: query
        description: The client identifier issued during registration.
      - name: redirect_uri
        value: ''
        type: query
        description: The redirection URI to which the response will be sent. Must exactly match one of the redirection URIs
          registered for the client.
      - name: scope
        value: ''
        type: query
        description: Space-delimited list of scopes. Must include 'openid' to indicate an OIDC request. May also include 'profile',
          'email', 'address', and 'phone'.
      - name: state
        value: ''
        type: query
        description: An opaque value used by the client to maintain state between the request and callback. Recommended for
          CSRF protection.
      - name: nonce
        value: ''
        type: query
        description: A string value used to associate a client session with an ID Token and to mitigate replay attacks. Required
          for implicit flow.
      - name: prompt
        value: ''
        type: query
        description: Space-delimited list of values that specifies whether the authorization server prompts the end-user for
          reauthentication and consent.
      - name: login_hint
        value: ''
        type: query
        description: A hint to the authorization server about the login identifier the end-user might use.
      - name: acr_values
        value: ''
        type: query
        description: Requested Authentication Context Class Reference values.
      - name: code_challenge
        value: ''
        type: query
        description: PKCE code challenge derived from the code verifier.
      - name: code_challenge_method
        value: ''
        type: query
        description: Code challenge method used to derive the code challenge.
    docs: Performs authentication of the end-user. The authorization endpoint is used to interact with the resource owner
      and obtain an authorization grant. The endpoint handles the authentication flow and redirects back to the client with
      an authorization code or tokens depending on the response type.
- info:
    name: Token
    type: folder
  items:
  - info:
      name: Token Endpoint
      type: http
    http:
      method: POST
      url: https://{issuer}/token
      body:
        type: form-urlencoded
        data:
        - name: grant_type
          value: ''
        - name: code
          value: ''
        - name: redirect_uri
          value: ''
        - name: client_id
          value: ''
        - name: client_secret
          value: ''
        - name: refresh_token
          value: ''
        - name: scope
          value: ''
        - name: code_verifier
          value: ''
    docs: Exchanges an authorization code, refresh token, or client credentials for an access token and optionally a refresh
      token and ID token. The token endpoint is used by the client to obtain tokens after receiving an authorization code
      from the authorization endpoint.
- info:
    name: UserInfo
    type: folder
  items:
  - info:
      name: UserInfo Endpoint
      type: http
    http:
      method: GET
      url: https://{issuer}/userinfo
      auth:
        type: bearer
        token: '{{bearerToken}}'
    docs: Returns claims about the authenticated end-user. The caller must present a valid access token obtained through OIDC
      authentication. The claims returned depend on the scopes granted during authorization.
  - info:
      name: UserInfo Endpoint (POST)
      type: http
    http:
      method: POST
      url: https://{issuer}/userinfo
      auth:
        type: bearer
        token: '{{bearerToken}}'
    docs: Returns claims about the authenticated end-user using a POST request. Functionally identical to the GET variant.
- info:
    name: JWKS
    type: folder
  items:
  - info:
      name: JSON Web Key Set Endpoint
      type: http
    http:
      method: GET
      url: https://{issuer}/.well-known/jwks.json
    docs: Returns the JSON Web Key Set (JWKS) containing the public keys used by the OpenID Provider to sign tokens. Clients
      use these keys to verify the signatures of ID tokens and other signed artifacts.
- info:
    name: Session
    type: folder
  items:
  - info:
      name: End Session Endpoint
      type: http
    http:
      method: GET
      url: https://{issuer}/end-session
      params:
      - name: id_token_hint
        value: ''
        type: query
        description: The ID token previously issued to the client.
      - name: post_logout_redirect_uri
        value: ''
        type: query
        description: The URI to redirect to after logout.
      - name: state
        value: ''
        type: query
        description: Opaque value for maintaining state between request and callback.
    docs: Initiates the logout process. The end-user is redirected to this endpoint to log out of the OpenID Provider. Supports
      RP-Initiated Logout as defined in the OIDC Session Management specification.
bundled: true