The OpenID Connect identity provider has a number of endpoints with which the user and client application interact.
OpenID Connect metadata document
OpenID Connect describes a metadata document that contains most of the information required for an app to perform sign-in. This includes all endpoint URLs in use and the location of the service’s public signing keys. The OpenID Connect metadata document can be found at:
https://{environment}.superoffice.com/login/.well-known/openid-configuration
The environment subdomain is unique for each application environment: development (sod), stage (qaonline), and production (online).
Common Endpoints
Authorization endpoint
This is where the user is asked to authenticate and grant the partner application consent to access their identity. When consent is given, this endpoint passes back an authorization code.
Here, the user interacts indirectly with the identity provider through a user agent, such as a browser.
Token endpoint
This endpoint authenticates the client application. It also exchanges the authorization code from the authorization endpoint for an ID token, an access token, and a refresh token.
UserInfo endpoint
Not supported at the time of writing.
End Session endpoint
The end session endpoint can be used to trigger single sign-out (see spec).
JWKS endpoint
The JSON Web Key Set (JWKS) is a set of keys containing the public keys used to verify any JSON Web Token (JWT) issued by SuperID.
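A client can check the metadata document before trusting the endpoints it lists. The following is an added example, not SuperOffice's own code: it builds the metadata URL for a known environment and checks that each endpoint described above uses HTTPS on that environment's host. The sample document and its paths are constructed placeholders, and the requirement that endpoints share the environment's host is an assumption.

```python
from urllib.parse import urlsplit

# Environment subdomains named on this page.
ENVIRONMENTS = {"development": "sod", "stage": "qaonline", "production": "online"}

# Standard OpenID Connect discovery field names for the endpoints described above.
# userinfo_endpoint is deliberately not required (not supported at the time of writing).
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                      "end_session_endpoint", "jwks_uri")


def expected_host(environment):
    """Return the host for a known environment; reject anything else."""
    try:
        return f"{ENVIRONMENTS[environment]}.superoffice.com"
    except KeyError:
        raise ValueError(f"unknown environment: {environment!r}") from None


def metadata_url(environment):
    return f"https://{expected_host(environment)}/login/.well-known/openid-configuration"


def check_metadata(environment, doc):
    """Return a list of problems found in a parsed metadata document."""
    host = expected_host(environment)
    problems = []
    for field in REQUIRED_ENDPOINTS:
        value = doc.get(field)
        if not isinstance(value, str):
            problems.append(f"{field}: missing")
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{field}: not https")
        # Assumption: endpoints are served from the environment's own host.
        if url.hostname != host:
            problems.append(f"{field}: unexpected host {url.hostname!r}")
    return problems


# Constructed sample document; the paths are placeholders, not SuperOffice's real ones.
SAMPLE = {
    "authorization_endpoint": "https://sod.superoffice.com/login/placeholder/authorize",
    "token_endpoint": "https://sod.superoffice.com/login/placeholder/token",
    "end_session_endpoint": "https://sod.superoffice.com/login/placeholder/endsession",
    "jwks_uri": "https://sod.superoffice.com/login/placeholder/jwks",
}
```

An empty list from `check_metadata` means the document passed; a non-empty list should stop the sign-in setup before any endpoint or key is used.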