OAuth 2.0 Endpoints
|
Description |
URL |
| Authorization |
The OAuth authorization server (AS) uses the authorization endpoint to interact directly with resource owners, authenticate them, and obtain their authorizations. |
/as/authorization.oauth2 |
| Client Initiated Backchannel Authentication |
A CIBA-capable client uses this endpoint to initiate a backchannel, out-of-band flow to authenticate the resource owners and obtain their authorizations. |
/as/bc-auth.ciba |
| Token Endpoint |
The client presents its authorization grant to the token endpoint to obtain an access token and a refresh token when needed |
/as/token.oauth2 |
| Introspection Endpoint |
A resource server (RS) client uses the introspection endpoint to validate an access token or a refresh token prior to granting access to a protected-resources call. |
/as/introspect.oauth2 |
| Token revocation endpoint |
The token revocation endpoint allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed |
/as/revoke_token.oauth2 |
| Grant-management endpoint |
Resource owners use the grant-management endpoint to view, and optionally revoke, the persistent access grants they have made. |
as/grants.oauth2 and /as/oauth_access_grants.ping |
| OpenID Provider (OP) configuration endpoint |
The OpenID Provider (OP) configuration endpoint provides configuration information for the OAuth clients to interface with PingFederate using the OpenID Connect protocol. |
/.well-known/openid-configuration |
| UserInfo endpoint |
OAuth clients can present access tokens to the UserInfo endpoint to retrieve additional information about the resource owners. |
/idp/userinfo.openid |
