Endpoints (OICD)

In this article

    The OpenID Connect identity provider has a number of endpoints with which the user and client application interact.

    OpenID Connect metadata document

    OpenID Connect describes a metadata document that contains most of the information required for an app to perform sign-in. This includes all endpoint URLs in use and the location of the service’s public signing keys. The OpenID Connect metadata document can be found at:


    The environment subdomain is unique for each application environment; development (sod), stage (qaonline) and production (online).

    Common Endoints

    Authorization endpoint

    This is where the user is asked to authenticate and grant the partner application consent to access their identity. When consent is given, this endpoint passes back an authorization code.

    Here, the user interacts indirectly with the identity provider through a user agent, such as a browser.

    Token endpoint

    This endpoint authenticates the client application. It also exchanges the authorization code from the authorization endpoint for an ID token, an access token, and a refresh token.

    UserInfo endpoint

    Not supported at the time of writing.

    End Session endpoint

    The end session endpoint can be used to trigger single sign-out (see spec).

    Jwks endpoint

    The JSON Web Key Set (JWKS) is a set of keys which contains the public keys used to verify any JSON Web Token (JWT) issued by the SuperID.