4.2 Metadata Endpoint

The metadata endpoint publishes the basic services and options that Identity Server supports for OAuth 2.0 and OpenID Connect, including the URLs of the other endpoints. The URL of the metadata endpoint has the following format:

https://<Identity Server URL: Port Number>/nidp/oauth/nam/.well-known/openid-configuration 

A request to the endpoint URL returns a JSON document that contains the following information:

  • OAuth 2.0 Endpoints

  • ID Token supported algorithms

  • JWKS keys that can be used to verify access tokens and ID tokens

  • Client Registration Endpoint

  • Scope and Resource Server registration Endpoint

  • JSON Web Key Set Endpoint

  • Supported response_types

  • Supported response_modes

  • Supported token_endpoint_auth_methods

  • Supported revocation_endpoint_auth_methods

  • Supported introspection_endpoint_auth_methods

  • Supported Front Channel Logout

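Sample metadata endpoint response (the host names are illustrative and differ between the issuer and the endpoint URLs; in a deployment, a client should check that the issuer value is identical to the URL prefix, everything before /.well-known/openid-configuration, from which it retrieved this document, and reject the document otherwise):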

{"issuer": "https://example.netiq.com/nidp/oauth/nam",
"authorization_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/authz",
"token_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/token",
"userinfo_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/userinfo",
"end_session_endpoint": "https://am-test.lab.novell.com/nidp/oauth/v1/nam/end_session",
"revocation_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/revoke",
"introspection_endpoint": "https://am-test.lab.novell.com/nidp/oauth/v1/nam/introspect",
"jwks_uri": "https://am-test.lab.novell.com/nidp/oauth/nam/keys",
"registration_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/clients",
"scopes_supported": [
"phone",
"urn:netiq.com:nam:scope:oauth:registration:read",
"address",
"urn:netiq.com:nam:scope:oauth:registration:full",
"email",
"profile",
"openid"
],
"response_types_supported": [
"token",
"id_token",
"code",
"token id_token",
"code token",
"code id_token token",
"code id_token",
"none"
],
"frontchannel_logout_supported": true,
"frontchannel_logout_session_supported": true,
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"password",
"client_credentials",
"saml2-bearer",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"claims_supported": [
"phone_number_verified",
"phone_number",
"read",
"address",
"add",
"modify",
"delete",
"email_verified",
"email",
"website",
"birthdate",
"gender",
"profile",
"preferred_username",
"given_name",
"middle_name",
"locale",
"picture",
"zone_info",
"updated_at",
"nickname",
"name",
"family_name"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"revocation_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"introspection_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"bearer"
] 
}