4.2 Metadata Endpoint

The metadata endpoint publishes the basic services and options that Identity Server supports for OAuth 2.0 and OpenID Connect, including the URLs of the other endpoints. The endpoint URL has the following format:

https://<Identity Server URL: Port Number>/nidp/oauth/nam/.well-known/openid-configuration

A request to the endpoint URL returns a JSON document that contains the following information:

  • OAuth 2.0 endpoints

  • ID Token supported algorithms

  • JWKS keys (retrieved from the jwks_uri location), which can be used to verify access tokens and ID tokens

  • Client Registration Endpoint

  • Scope and Resource Server registration Endpoint

  • JSON Web Key Set Endpoint

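Sample metadata endpoint response (the host names are illustrative). In a deployment, the issuer value is expected to match the Identity Server URL that precedes /.well-known/openid-configuration, and clients should verify this before trusting the listed endpoints. The lists show what the server advertises; for example, clients that use PKCE should prefer S256 over plain: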

{"issuer": "https://example.netiq.com/nidp/oauth/nam",
"authorization_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/authz",
"token_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/token",
"userinfo_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/userinfo",
"revocation_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/revoke",
"introspection_endpoint": "https://am-test.lab.novell.com/nidp/oauth/v1/nam/introspect",
"jwks_uri": "https://am-test.lab.novell.com/nidp/oauth/nam/keys",
"registration_endpoint": "https://am-test.lab.novell.com/nidp/oauth/nam/clients",
"scopes_supported": [
"phone",
"urn:netiq.com:nam:scope:oauth:registration:read",
"address",
"urn:netiq.com:nam:scope:oauth:registration:full",
"email",
"profile",
"openid"
],
"response_types_supported": [
"token",
"id_token",
"code",
"token id_token",
"code token",
"code id_token token",
"code id_token",
"none"
],
"response_modes_supported": [
"query",
"fragment",
"form_post"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"password",
"client_credentials",
"saml2-bearer",
"refresh_token"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"claims_supported": [
"phone_number_verified",
"phone_number",
"read",
"address",
"add",
"modify",
"delete",
"email_verified",
"email",
"website",
"birthdate",
"gender",
"profile",
"preferred_username",
"given_name",
"middle_name",
"locale",
"picture",
"zone_info",
"updated_at",
"nickname",
"name",
"family_name"
],
"code_challenge_methods_supported": [
"plain",
"S256"
],
"subject_types_supported": [
"public"
],
"token_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"revocation_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic"
],
"introspection_endpoint_auth_methods_supported": [
"client_secret_post",
"client_secret_basic",
"bearer"
] 
}