OIDC Discovery in wso2 Identity Server 5.3.0
Why is OIDC Discovery important?
Identity Server offers a JSON document under the /.well-known/openid-configuration URL. This document has information about the issuer name, endpoint URLs, key material and capabilities of the provider, e.g. which scopes or response types it supports.
High Level Steps
- Start Identity Server.
- Use curl commands to discover the end user's OpenID Provider and the other information.
Detailed Instructions
1. Start Identity Server, open a terminal and run the curl command below to obtain the 'href' value, which is the OpenID Connect discovery endpoint of the Identity Server.
curl -v -k --user admin:admin 'https://localhost:9443/.well-known/webfinger?resource=acct:admin@localhost&rel=http://openid.net/specs/connect/1.0/issuer'
(Here resource is the identifier of the target end user who is the subject of the discovery request, and rel is the URI identifying the type of service whose location is being requested.)
2. You will get the following response.
{
  "subject": "acct:admin@wso2.com@localhost",
  "links": [
    {
    }
  ]
}
3. Take the href you received, append /.well-known/openid-configuration to it, and run curl against the resulting URL to obtain the OpenID Provider's details.
Expected outcome
{
  "scopes_supported": ["address", "phone", "email", "profile", "openid"],
  "issuer": "https://localhost:9443/oauth2/token",
  "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
  "claims_supported": ["birthdate", "preferred_username", "name", "phone_number", "profile", "region", "street_address", "locality", "zoneinfo", "locale", "sub", "gender", "formatted", "email_verified", "updated_at", "middle_name", "nickname", "email", "family_name", "website", "address", "phone_number_verified", "given_name", "picture", "postal_code", "country", "iss", "acr"],
  "token_endpoint": "https://localhost:9443/oauth2/token",
  "response_types_supported": ["id_token token", "code", "id_token", "token"],
  "userinfo_endpoint": "https://localhost:9443/oauth2/userinfo",
  "jwks_uri": "https://localhost:9443/oauth2/jwks",
  "subject_types_supported": ["pairwise"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "registration_endpoint": "https://localhost:9443/identity/connect/register"
}
The response contains the openid provider details such as the issuer name, endpoint URLs, key material and capabilities of the provider, e.g. which scopes or response types it supports.
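The two-step flow above (WebFinger lookup, then fetching the provider metadata from the href) is easy to script, and a relying party should not simply trust whatever the metadata says: the issuer must match the location the document was fetched from, every endpoint should be https on the issuer's host, and 'none' must never be accepted as an ID token signing algorithm. The following Python script is an added example, not WSO2 code. It embeds constructed copies of the responses shown on this page; the WebFinger 'href' value is an assumed placeholder (the page's response omits the link body) chosen to match the issuer in the expected outcome. Passing a real fetcher instead of fake_fetch runs it against a live server.

```python
"""WebFinger -> OpenID Provider discovery with sanity checks on the metadata.

Added example; not part of WSO2 Identity Server. Sample documents below are
constructed from the responses shown on the page.
"""
import json
import ssl
import urllib.request
from urllib.parse import urlencode, urlsplit

OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"
DISCOVERY_SUFFIX = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint",
                 "jwks_uri", "registration_endpoint")

# Constructed WebFinger response; the href is an assumed placeholder.
SAMPLE_WEBFINGER = {
    "subject": "acct:admin@localhost",
    "links": [{"rel": OIDC_ISSUER_REL, "href": "https://localhost:9443/oauth2/token"}],
}

# Constructed from the page's expected outcome (claims_supported trimmed).
SAMPLE_DISCOVERY = {
    "scopes_supported": ["address", "phone", "email", "profile", "openid"],
    "issuer": "https://localhost:9443/oauth2/token",
    "authorization_endpoint": "https://localhost:9443/oauth2/authorize",
    "claims_supported": ["sub", "email", "name", "iss", "acr"],
    "token_endpoint": "https://localhost:9443/oauth2/token",
    "response_types_supported": ["id_token token", "code", "id_token", "token"],
    "userinfo_endpoint": "https://localhost:9443/oauth2/userinfo",
    "jwks_uri": "https://localhost:9443/oauth2/jwks",
    "subject_types_supported": ["pairwise"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "registration_endpoint": "https://localhost:9443/identity/connect/register",
}


def webfinger_url(base, resource, rel=OIDC_ISSUER_REL):
    """Build the WebFinger URL; urlencode percent-encodes ':' '@' and '/'."""
    return base.rstrip("/") + "/.well-known/webfinger?" + urlencode(
        {"resource": resource, "rel": rel})


def issuer_href(webfinger_doc, rel=OIDC_ISSUER_REL):
    """Return the href of the link carrying the OIDC issuer relation."""
    for link in webfinger_doc.get("links", []):
        if link.get("rel") == rel and link.get("href"):
            return link["href"]
    raise ValueError("WebFinger response has no %s link" % rel)


def discovery_url(href):
    """Step 3 of the page: append the well-known suffix to the href."""
    return href.rstrip("/") + DISCOVERY_SUFFIX


def check_provider_metadata(doc, expected_issuer):
    """Return a list of findings; an empty list means the document passed."""
    findings = []
    for key in REQUIRED:
        if key not in doc:
            findings.append("missing required field: " + key)
    issuer = doc.get("issuer", "")
    if issuer != expected_issuer:
        findings.append("issuer %r does not match %r" % (issuer, expected_issuer))
    issuer_host = urlsplit(issuer).netloc
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if url is None:
            continue
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append("%s is not https: %s" % (key, url))
        if parts.netloc != issuer_host:
            findings.append("%s host %s differs from issuer host %s"
                            % (key, parts.netloc, issuer_host))
    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "none" in algs:
        findings.append("'none' advertised as an ID token signing algorithm")
    if "RS256" not in algs:
        findings.append("RS256 not advertised (required by OIDC Discovery)")
    return findings


def fetch_json(url, cafile=None):
    """Live fetcher: verifies TLS against the default store or a given CA file."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(url, context=ctx, timeout=10) as resp:
        return json.load(resp)


def fake_fetch(url):
    """Offline fetcher that serves the constructed documents by URL."""
    table = {
        webfinger_url("https://localhost:9443", "acct:admin@localhost"): SAMPLE_WEBFINGER,
        discovery_url("https://localhost:9443/oauth2/token"): SAMPLE_DISCOVERY,
    }
    return table[url]


def discover(base, resource, fetch=fetch_json):
    """Run both steps and validate the metadata against the href it came from."""
    href = issuer_href(fetch(webfinger_url(base, resource)))
    doc = fetch(discovery_url(href))
    return doc, check_provider_metadata(doc, href)


if __name__ == "__main__":
    doc, findings = discover("https://localhost:9443", "acct:admin@localhost", fetch=fake_fetch)
    print("issuer:", doc["issuer"])
    print("findings:", findings or "none")
```

The issuer comparison is the important check: the spec requires the 'issuer' value in the metadata to equal the URL the document was fetched from (minus the well-known suffix), and a relying party that skips it can be steered to a different provider's endpoints by a tampered or mis-served document.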