Read Well-Known OIDC Configuration
GET {{authPath}}/{{envID}}/davinci/.well-known/openid-configuration
The following sample shows the discovery endpoint, GET {{authPath}}/{{envID}}/davinci/.well-known/openid-configuration, which returns the OpenID Connect provider metadata document for the issuer, https://auth.pingone.com.
The response is a set of claims about the OpenID provider's configuration, including all necessary endpoints and public key location information.
Claim | Description |
---|---|
issuer | A string that specifies the URL that the provider uses as its issuer identifier. |
authorization_endpoint | A string that specifies the URL of the provider's OAuth 2.0 global authorization endpoint. |
token_endpoint | A string that specifies the URL of the provider's OAuth 2.0 token endpoint. |
userinfo_endpoint | A string that specifies the URL of the provider's OAuth 2.0 userinfo endpoint, which returns claims about the authenticated end user. |
jwks_uri | A string that specifies the URL of the provider's OAuth 2.0 JSON Web Key Set document. |
token_endpoint_auth_methods_supported | An array that specifies the list of client authentication methods supported by the token endpoint. Options are client_secret_basic and client_secret_post. |
id_token_signing_alg_values_supported | An array that specifies the list of signing algorithms supported by the provider for the ID token to encode the claims in a JWT. |
response_types_supported | An array that specifies the list of response types that the provider supports. Options are code, token, id_token, and token id_token. |
scopes_supported | An array that specifies the list of scopes that the resource server supports. |
subject_types_supported | An array that specifies the list of the subject identifier types that the provider supports. Options are public. |
Note: The authorization_endpoint claim returned by the discovery endpoint shows the DaVinci global authorize endpoint instead of the policy-specific authorize endpoint that identifies a flow policy in the request URL (see Authorize using GET). The global authorize endpoint supports flow policy selection through other attributes, such as acr_values.
RESPONSES
status: OK
{"issuer":"https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci","token_endpoint":"https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/token","userinfo_endpoint":"https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/userinfo","authorization_endpoint":"https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/authorize","jwks_uri":"https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci/.well-known/jwks.json","token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","token","id_token","token id_token"],"scopes_supported":["openid","profile"],"subject_types_supported":["public"]}
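A relying party should check the metadata document before trusting the endpoints and key location it advertises. The following is an added example, not part of the PingOne documentation: validate_discovery and its checks are hypothetical names, the same-host rule and the accepted algorithm list are assumed client policy, and the sample values are copied from the response above.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def validate_discovery(discovery_url, metadata, accepted_algs=("RS256",)):
    """Return a list of problems; an empty list means the document passed."""
    if not discovery_url.endswith(SUFFIX):
        return ["discovery URL does not end with " + SUFFIX]
    expected_issuer = discovery_url[: -len(SUFFIX)]
    problems = []

    # OpenID Connect Discovery: issuer must equal the URL the document was
    # retrieved from (minus the well-known suffix), compared exactly.
    if metadata.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")

    issuer_host = urlsplit(expected_issuer).netloc
    for claim in ENDPOINTS:
        value = metadata.get(claim)
        if not isinstance(value, str):
            problems.append(claim + " missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(claim + " is not https")
        # Assumption (local policy, not a spec rule): endpoints stay on the issuer host.
        if parts.netloc != issuer_host:
            problems.append(claim + " host differs from issuer")

    algs = metadata.get("id_token_signing_alg_values_supported") or []
    if "none" in algs:
        problems.append("provider advertises unsigned ID tokens")
    if not set(algs) & set(accepted_algs):
        problems.append("no accepted ID token signing algorithm")
    return problems


# Sample values taken from the response shown on this page.
ISSUER = "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/davinci"
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "userinfo_endpoint": ISSUER + "/userinfo",
    "jwks_uri": ISSUER + "/.well-known/jwks.json",
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(validate_discovery(ISSUER + SUFFIX, SAMPLE))
```

An empty list means the document is consistent with the URL it was fetched from; any entry should stop the client from using the advertised jwks_uri or token endpoint.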