OAuth 2 is an open authorization protocol which enables applications to access and read data from another application.
cidaas supports OAuth2 with OpenID Connect standards, this will give Self-Discovery URL.
The below core endpoints:
|User Info Endpoint||New to OpenID Connect, this endpoint allows user to make a request using access token to receive claims about the authenticated end-user. This user information could be included in the identity token; however, this can cause bloat especially if we include things like profile pictures. Read More...|
|Authorization Endpoint||An authorization URL where the resource owner grants authorization to the OAuth2 client to access the protected resource, using request parameters defined by OAuth2 and additional parameters and parameter values defined by OpenID Connect.Read More...|
|Introspection Endpoint||It is used to validate reference tokens. The introspection endpoint requires authentication using a scope credential (only scopes that are contained in the access token can introspect the token)Read More...|
|Revocation Endpoint||Revocation Endpoint allows revoking access tokens and refresh token. It implements the token revocation specification.Read More...|
|End Session Endpoint||The end session endpoint can be used to trigger single sign-out. To use the end session endpoint a client application will redirect the user’s browser to the end session URL.Read More...|
|Check Session iframe||After signing in a user with OpenID Connect the client application may need to periodically check if the user is still logged in with the OpenID provider.Read More...|
|Token Endpoint||A token request URL where the OAuth2 client exchanges an authorization grant for an access token and an optional refresh token Read More...|
|JSON Web Key Set (JWKS) URL||When creating clients and resources servers (APIs) in cidaas, two algorithms are supported for signing JSON Web Tokens (JWTs): RS256 and HS256. RS256 generates an asymmetric signature, which means a private key must be used to sign the JWT and a different public key must be used to verify the signature Read More...|