The OpenID Connect identity provider has a number of endpoints with which the user and client application interact.
OpenID Connect metadata document
OpenID Connect describes a metadata document that contains most of the information required for an app to perform sign-in. This includes all endpoint URLs in use and the location of the service’s public signing keys. The OpenID Connect metadata document can be found at:
The environment subdomain is unique for each application environment: development (sod), stage (qaonline) and production (online).
This is where the user is asked to authenticate and grant the partner application consent to access their identity. When consent is given, this endpoint passes back an authorization code.
Here, the user interacts indirectly with the identity provider through a user agent, such as a browser.
This endpoint authenticates the client application. It also exchanges the authorization code from the authorization endpoint for an ID token, an access token, and a refresh token.
Not supported at the time of writing.
End Session endpoint
The end session endpoint can be used to trigger single sign-out (see spec).
The JSON Web Key Set (JWKS) is the set of public keys used to verify any JSON Web Token (JWT) issued by SuperID.
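The following is an added example, not SuperID's own code. It shows the checks a client can apply to the metadata document described above before trusting its endpoint URLs, and how the JWKS key for a given JWT is chosen by its `kid` header. The host `idp.example`, the endpoint paths, the key ids and the function names are assumptions made for illustration; only the environment subdomains come from this page.

```python
import base64
import json
from urllib.parse import urlsplit

# Environment subdomains named on this page.
ENVIRONMENTS = {"development": "sod", "stage": "qaonline", "production": "online"}
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def validate_metadata(metadata, expected_issuer, environment):
    """Return the endpoint URLs from a discovery document, or raise ValueError."""
    missing = [name for name in REQUIRED if not metadata.get(name)]
    if missing:
        raise ValueError(f"metadata is missing {missing}")
    # OpenID Connect Discovery: the issuer must equal the configured one exactly.
    if metadata["issuer"] != expected_issuer:
        raise ValueError("issuer does not match the configured issuer")
    host = urlsplit(expected_issuer).hostname or ""
    if host.split(".")[0] != ENVIRONMENTS[environment]:
        raise ValueError("issuer host is not in the configured environment")
    endpoints = {name: metadata[name] for name in REQUIRED[1:]}
    for name, url in endpoints.items():
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{name} is not an https URL")
    return endpoints


def select_signing_key(jwks, token):
    """Pick the JWK whose kid matches the token header; no signature check here."""
    header_b64 = token.split(".")[0]
    padded = header_b64 + "=" * (-len(header_b64) % 4)
    header = json.loads(base64.urlsafe_b64decode(padded))
    for key in jwks.get("keys", []):
        if key.get("kid") == header.get("kid") and key.get("use", "sig") == "sig":
            return key
    raise ValueError("no signing key with a matching kid in the JWKS")


# Constructed sample data: host, paths and kid values are placeholders, not SuperID's.
SAMPLE_ISSUER = "https://qaonline.idp.example"
SAMPLE_METADATA = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": SAMPLE_ISSUER + "/connect/authorize",
    "token_endpoint": SAMPLE_ISSUER + "/connect/token",
    "jwks_uri": SAMPLE_ISSUER + "/.well-known/jwks",
}
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "k1", "use": "enc"},
                        {"kty": "RSA", "kid": "k2", "use": "sig"}]}
SAMPLE_TOKEN = base64.urlsafe_b64encode(b'{"alg":"RS256","kid":"k2"}').decode().rstrip("=") + ".e30.c2ln"
```

The selected key is then handed to a JWT library that verifies the signature and the `iss`, `aud` and `exp` claims; key selection alone proves nothing about the token.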