The metadata endpoint exposes basic services and options available in Identity Server for OAuth 2.0 and OpenID Connect. This also contains URLs for endpoints. This endpoint is in the following format:
https://<Identity Server URL: Port Number>/nidp/oauth/nam/.well-known/openid-configuration
Invoking the endpoint URL responds with a JSON document that contains the following information:
OAuth2.0 Endpoints
ID Token supported algorithms
JWKS Keys which can be used for verifying Access Token and ID token
Client Registration Endpoint
Scope and Resource Server registration Endpoint
JSON Web Key Set Endpoint
Supported response_types
Supported response_modes
Supported token_endpoint_auth_methods
Supported revocation_endpoint_auth_methods
Supported introspection_endpoint_auth_methods_supported
Supported Front Channel Logout
Sample Metadata Endpoint:
{"issuer": "https://example.netiq.com/nidp/oauth/nam", "authorization_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/authz", "token_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/token", "userinfo_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/userinfo", "end_session_endpoint": "https://am-test.lab.novell.com/nidp/oauth/v1/nam/end_session", "revocation_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/revoke", "introspection_endpoint": "https://am-test.lab.novell.com/nidp/oauth/v1/nam/introspect", "jwks_uri": "https://am-test.lab.novell.com/nidp/oauth/nam/keys", "registration_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/clients", "scopes_supported": [ "phone", "urn:netiq.com:nam:scope:oauth:registration:read", "address", "urn:netiq.com:nam:scope:oauth:registration:full", "email", "profile", "openid" ], "response_types_supported": [ "token", "id_token", "code", "token id_token", "code token", "code id_token token", "code id_token", "none" ], "frontchannel_logout_supported": true, "frontchannel_logout_session_supported": true, "response_modes_supported": [ "query", "fragment", "form_post" ], "grant_types_supported": [ "authorization_code", "implicit", "password", "client_credentials", "saml2-bearer", "refresh_token" ], "id_token_signing_alg_values_supported": [ "RS256" ], "claims_supported": [ "phone_number_verified", "phone_number", "read", "address", "add", "modify", "delete", "email_verified", "email", "website", "birthdate", "gender", "profile", "preferred_username", "given_name", "middle_name", "locale", "picture", "zone_info", "updated_at", "nickname", "name", "family_name" ], "code_challenge_methods_supported": [ "plain", "S256" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ], "revocation_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic" ], "introspection_endpoint_auth_methods_supported": [ "client_secret_post", "client_secret_basic", "bearer" ] }