...

The following information is required to make a request.

| Parameter | Description | Sample Value |
|---|---|---|
| Resource | Identifier for the target end user that is the subject of the discovery request. | acct:admin@localhost (for super tenant), acct:admin@wso2.com@localhost (for tenant) |
| HostServer | Where the WebFinger service is hosted. | localhost |
| rel | URI identifying the type of service whose location is being requested. | http://openid.net/specs/connect/1.0/issuer |

Note: By default, all endpoints in the WSO2 Identity Server are secured with basic authentication, so you need authentication details to call an endpoint. By default, you can use the admin credentials or an access token for the request.

Sample requests and responses are given below:

Request (for super tenant)
Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/.well-known/webfinger?resource=acct:admin@localhost&rel=http://openid.net/specs/connect/1.0/issuer'
Response (for super tenant)
{
   "subject": "acct:admin@localhost",
   "links": [
      {
         "rel": "http://openid.net/specs/connect/1.0/issuer",
         "href": "https://localhost:9443/oauth2/token"
      }
   ]
}
Request (for tenant: wso2.com)
Sample Request
curl -v -k --user admin:admin 'https://localhost:9443/.well-known/webfinger?resource=acct:admin%40wso2.com@localhost&rel=http://openid.net/specs/connect/1.0/issuer'
Response (for tenant: wso2.com)
{
   "subject": "acct:admin@wso2.com@localhost",
   "links": [
      {
         "rel": "http://openid.net/specs/connect/1.0/issuer",
         "href": "https://localhost:9443/t/wso2.com/oauth2/token"
      }
   ]
}

Obtaining the OpenID Provider configuration information

...

  1. Once you receive the response as shown in the sample response of the previous section, append "/.well-known/openid-configuration" to the href value that you received.  

    https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
  2. Send a request to the endpoint as shown below. 

    Request
    Sample Request
    curl -v -k --user admin:admin https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration
    Response
    Sample Response
    {
        "scopes_supported": [
            "address",
            "phone",
            "email",
            "profile",
            "openid"
        ],
        "check_session_iframe": "https://localhost:9443/oidc/checksession",
        "issuer": "https://localhost:9443/oauth2/token",
        "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
        "claims_supported": [
            "formatted",
            "name",
            "phone_number",
            "given_name",
            "picture",
            "region",
            "street_address",
            "postal_code",
            "zoneinfo",
            "locale",
            "profile",
            "locality",
            "sub",
            "updated_at",
            "email_verified",
            "nickname",
            "middle_name",
            "email",
            "family_name",
            "website",
            "birthdate",
            "address",
            "preferred_username",
            "phone_number_verified",
            "country",
            "gender",
            "iss",
            "acr"
        ],
        "token_endpoint": "https://localhost:9443/oauth2/token",
        "response_types_supported": [
            "id_token token",
            "code",
            "id_token",
            "token"
        ],
        "end_session_endpoint": "https://localhost:9443/oidc/logout",
        "userinfo_endpoint": "https://localhost:9443/oauth2/userinfo",
        "jwks_uri": "https://localhost:9443/oauth2/jwks",
        "subject_types_supported": [
            "pairwise"
        ],
        "id_token_signing_alg_values_supported": [
            "RS256"
        ],
        "registration_endpoint": "https://localhost:9443/identity/connect/register"
    }
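
Before a client relies on the discovered metadata, it should confirm that the `issuer` in the configuration document is identical to the issuer that WebFinger returned and that the advertised endpoints use HTTPS. The following is an added example, not part of the WSO2 documentation: the function names are hypothetical, `WEBFINGER` and `CONFIG` are the sample responses above (the latter trimmed), and `TAMPERED` is constructed.

```python
from urllib.parse import urlsplit

ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED in every document.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")

# Sample responses from this page; CONFIG is trimmed to the fields the checks read.
WEBFINGER = {"subject": "acct:admin@localhost",
             "links": [{"rel": ISSUER_REL, "href": "https://localhost:9443/oauth2/token"}]}
CONFIG = {
    "issuer": "https://localhost:9443/oauth2/token",
    "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
    "token_endpoint": "https://localhost:9443/oauth2/token",
    "userinfo_endpoint": "https://localhost:9443/oauth2/userinfo",
    "jwks_uri": "https://localhost:9443/oauth2/jwks",
    "response_types_supported": ["id_token token", "code", "id_token", "token"],
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed for this example: a document that must be rejected.
TAMPERED = dict(CONFIG, issuer="https://idp.example/oauth2/token",
                token_endpoint="http://localhost:9443/oauth2/token")


def issuer_from_webfinger(jrd):
    """Return the single issuer href advertised in a WebFinger response."""
    hrefs = [link.get("href") for link in jrd.get("links", [])
             if link.get("rel") == ISSUER_REL]
    if len(hrefs) != 1 or not hrefs[0]:
        raise ValueError("expected exactly one issuer link")
    return hrefs[0]


def check_provider_config(expected_issuer, config):
    """Return the problems found; an empty list means the document is acceptable."""
    problems = [f"missing {key}" for key in REQUIRED if key not in config]
    # The issuer must be an exact string match, with no normalisation applied.
    if config.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    # Tokens and credentials travel to these URLs, so plain http is refused.
    for key, value in config.items():
        if key.endswith("_endpoint") or key == "jwks_uri":
            url = urlsplit(str(value))
            if url.scheme != "https" or not url.netloc:
                problems.append(f"{key} is not an https URL")
    if "RS256" not in config.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not offered for ID token signing")
    return problems
```
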