OAuth 2.0 Authorization Server Metadata
GET {{authPath}}/.well-known/oauth-authorization-server/{{envID}}/asThe following sample shows the RFC8414-compliant discovery endpoint, GET {{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as, which returns the OAuth 2.0 authorization server metadata. For example, if the environment is located in the North America region, the {{authPath}} is https://auth.pingone.com.
The response is a set of claims about the authorization server’s configuration, including all necessary endpoints and public key location information. This endpoint supports provider metadata as described in RFC8414: OAuth 2.0 Authorization Server Metadata.
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as'var options = new RestClientOptions("{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}GET /.well-known/oauth-authorization-server/{{envID}}/as HTTP/1.1
Host: {{authPath}}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as")
.method("GET", body)
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as",
"method": "GET",
"timeout": 0,
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'GET',
'url': '{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as',
'headers': {
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
url = "{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as"
payload = {}
headers = {}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
'follow_redirects' => TRUE
));
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "net/http"
url = URI("{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_bodyvar request = URLRequest(url: URL(string: "{{authPath}}/.well-known/oauth-authorization-server/{{envID}}/as")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"issuer": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as",
"authorization_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/authorize",
"pushed_authorization_request_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/par",
"token_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/token",
"jwks_uri": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/jwks",
"end_session_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/signoff",
"introspection_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/introspect",
"revocation_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/revoke",
"device_authorization_endpoint": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/device_authorization",
"request_parameter_supported": true,
"request_uri_parameter_supported": false,
"require_pushed_authorization_requests": false,
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"offline_access"
],
"response_types_supported": [
"code",
"id_token",
"token id_token",
"code id_token",
"code token",
"code token id_token"
],
"response_modes_supported": [
"pi.flow",
"query",
"fragment",
"form_post"
],
"grant_types_supported": [
"authorization_code",
"implicit",
"client_credentials",
"refresh_token",
"urn:ietf:params:oauth:grant-type:device_code"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post",
"client_secret_jwt",
"private_key_jwt"
],
"token_endpoint_auth_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512",
"RS256",
"RS384",
"RS512"
],
"code_challenge_methods_supported": [
"plain",
"S256"
]
}