OpenID Configuration

The OpenID metadata describing the configuration as defined by Section 3. OpenID Provider Metadata.

Request#

Returns the well known OpenID Configuration JSON document

GET/{tenantId}/.well-known/openid-configuration

URL segment#

tenantIdUUIDrequiredAvailable since 1.46.0

The tenant identifier.

GET/.well-known/openid-configuration
OpenAPI Spec

Request Parameters#

tenantIdUUIDoptionalAvailable since 1.8.0

The tenant identifier. If provided then a specific issuer will be returned, when this property is not provided the default tenant Id will be used.

Response#

The response for this request should always return a 200 with a JSON body.

Example JSON Response

{
  "authorization_endpoint": "https://piedpiper.fusionauth.io/oauth2/authorize",
  "backchannel_logout_supported": false,
  "claims_supported": [
    "applicationId",
    "at_hash",
    "aud",
    "authenticationType",
    "birthdate",
    "c_hash",
    "email",
    "email_verified",
    "exp",
    "family_name",
    "given_name",
    "iat",
    "iss",
    "jti",
    "middle_name",
    "name",
    "nbf",
    "nonce",
    "phone_number",
    "phone_number_verified",
    "picture",
    "preferred_username",
    "roles",
    "sub"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "device_authorization_endpoint": "https://piedpiper.fusionauth.io/oauth2/device_authorize",
  "end_session_endpoint": "https://piedpiper.fusionauth.io/oauth2/logout",
  "frontchannel_logout_supported": true,
  "grant_types_supported": [
    "authorization_code",
    "password",
    "implicit",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "id_token_signing_alg_values_supported": [
    "ES256",
    "ES384",
    "ES512",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ],
  "issuer": "piedpiper.fusionauth.io",
  "jwks_uri": "https://piedpiper.fusionauth.io/.well-known/jwks.json",
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "response_types_supported": [
    "code",
    "id_token",
    "token id_token"
  ],
  "scopes_supported": [
    "openid",
    "offline_access"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://piedpiper.fusionauth.io/oauth2/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "none"
  ],
  "userinfo_endpoint": "https://piedpiper.fusionauth.io/oauth2/userinfo",
  "userinfo_signing_alg_values_supported": [
    "ES256",
    "ES384",
    "ES512",
    "HS256",
    "HS384",
    "HS512",
    "RS256",
    "RS384",
    "RS512"
  ]
}