OpenID Configuration
The OpenID metadata describing the configuration as defined by Section 3. OpenID Provider Metadata.
Request#
Returns the well known OpenID Configuration JSON document
GET/{tenantId}/.well-known/openid-configuration
URL segment#
tenantIdUUIDrequiredAvailable since 1.46.0The tenant identifier.
GET/.well-known/openid-configuration
OpenAPI Spec
Request Parameters#
tenantIdUUIDoptionalAvailable since 1.8.0The tenant identifier. If provided then a specific issuer will be returned, when this property is not provided the default tenant Id will be used.
Response#
The response for this request should always return a 200 with a JSON body.
Example JSON Response
{
"authorization_endpoint": "https://piedpiper.fusionauth.io/oauth2/authorize",
"backchannel_logout_supported": false,
"claims_supported": [
"applicationId",
"at_hash",
"aud",
"authenticationType",
"birthdate",
"c_hash",
"email",
"email_verified",
"exp",
"family_name",
"given_name",
"iat",
"iss",
"jti",
"middle_name",
"name",
"nbf",
"nonce",
"phone_number",
"phone_number_verified",
"picture",
"preferred_username",
"roles",
"sub"
],
"code_challenge_methods_supported": [
"S256"
],
"device_authorization_endpoint": "https://piedpiper.fusionauth.io/oauth2/device_authorize",
"end_session_endpoint": "https://piedpiper.fusionauth.io/oauth2/logout",
"frontchannel_logout_supported": true,
"grant_types_supported": [
"authorization_code",
"password",
"implicit",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code"
],
"id_token_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"issuer": "piedpiper.fusionauth.io",
"jwks_uri": "https://piedpiper.fusionauth.io/.well-known/jwks.json",
"response_modes_supported": [
"form_post",
"fragment",
"query"
],
"response_types_supported": [
"code",
"id_token",
"token id_token"
],
"scopes_supported": [
"openid",
"offline_access"
],
"subject_types_supported": [
"public"
],
"token_endpoint": "https://piedpiper.fusionauth.io/oauth2/token",
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"none"
],
"userinfo_endpoint": "https://piedpiper.fusionauth.io/oauth2/userinfo",
"userinfo_signing_alg_values_supported": [
"ES256",
"ES384",
"ES512",
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
]
}