OAuth 2.0 Endpoints
| Endpoint | Description | URL |
| --- | --- | --- |
| Authorization | The OAuth authorization server (AS) uses the authorization endpoint to interact directly with resource owners, authenticate them, and obtain their authorizations. | /as/authorization.oauth2 |
| Client Initiated Backchannel Authentication | A CIBA-capable client uses this endpoint to initiate a backchannel, out-of-band flow to authenticate the resource owners and obtain their authorizations. | /as/bc-auth.ciba |
| Token Endpoint | The client presents its authorization grant to the token endpoint to obtain an access token and a refresh token when needed. | /as/token.oauth2 |
| Introspection Endpoint | A resource server (RS) client uses the introspection endpoint to validate an access token or a refresh token prior to granting access to a protected-resources call. | /as/introspect.oauth2 |
| Token revocation endpoint | The token revocation endpoint allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. | /as/revoke_token.oauth2 |
| Grant-management endpoint | Resource owners use the grant-management endpoint to view, and optionally revoke, the persistent access grants they have made. | /as/grants.oauth2 and /as/oauth_access_grants.ping |
| OpenID Provider (OP) configuration endpoint | The OpenID Provider (OP) configuration endpoint provides configuration information for the OAuth clients to interface with PingFederate using the OpenID Connect protocol. | /.well-known/openid-configuration |
| UserInfo endpoint | OAuth clients can present access tokens to the UserInfo endpoint to retrieve additional information about the resource owners. | /idp/userinfo.openid |
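
A client that reads the OP configuration endpoint can check the advertised endpoints against the paths listed above before trusting them. The following is an added example, not PingFederate code: the metadata key names are the standard OpenID Connect Discovery, RFC 8414 and CIBA names, the host `sso.example.test` and both sample documents are constructed, and it assumes the issuer equals the server's base URL.

```python
import json
from urllib.parse import urlsplit

# Discovery metadata key -> path from the endpoint table above.
# That the server advertises every one of these keys is an assumption.
EXPECTED_PATHS = {
    "authorization_endpoint": "/as/authorization.oauth2",
    "backchannel_authentication_endpoint": "/as/bc-auth.ciba",
    "token_endpoint": "/as/token.oauth2",
    "introspection_endpoint": "/as/introspect.oauth2",
    "revocation_endpoint": "/as/revoke_token.oauth2",
    "userinfo_endpoint": "/idp/userinfo.openid",
}

def check_discovery(base_url, document):
    """Return a list of findings; an empty list means the document is consistent."""
    base = urlsplit(base_url)
    findings = []
    if document.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
        findings.append("issuer does not match the configured base URL")
    for key, path in EXPECTED_PATHS.items():
        value = document.get(key)
        if value is None:
            continue  # endpoint not advertised (feature may be disabled)
        url = urlsplit(value)
        if url.scheme != "https":
            findings.append(f"{key}: not served over https")
        if (url.hostname, url.port) != (base.hostname, base.port):
            findings.append(f"{key}: host differs from base URL")
        if url.path != path:
            findings.append(f"{key}: unexpected path {url.path}")
    return findings

# Constructed sample documents (sso.example.test is a placeholder host).
BASE = "https://sso.example.test"
GOOD = json.loads("""{
  "issuer": "https://sso.example.test",
  "authorization_endpoint": "https://sso.example.test/as/authorization.oauth2",
  "token_endpoint": "https://sso.example.test/as/token.oauth2",
  "userinfo_endpoint": "https://sso.example.test/idp/userinfo.openid"
}""")
# Same document with the token endpoint moved to plain http on another host.
BAD = dict(GOOD, token_endpoint="http://login.example.test/as/token.oauth2")

if __name__ == "__main__":
    print(check_discovery(BASE, GOOD))
    print(check_discovery(BASE, BAD))
```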