Well-Known

The OpenID Connect (OIDC) well-known configuration endpoint provides essential information about Edlink's OIDC provider. This endpoint helps clients (applications) interact with Edlink by dynamically discovering necessary endpoints and supported features.

You can find the well-known configuration endpoint at https://ed.link/api/authentication/oidc/.well-known/openid-configuration/. This endpoint returns a JSON object containing details such as the issuer, authorization endpoint, token endpoint, scopes supported, response types supported, and more.

Purpose of the Well-Known Configuration Endpoint

The main purpose of the well-known configuration endpoint is to streamline the process of integrating with Edlink. By providing a single, consistent location to retrieve configuration details, it simplifies client setup and ensures that all clients have access to the latest configuration without manual updates.

Example Configuration

Here is the well-known configuration that Edlink provides:

{
    "issuer": "https://ed.link/api/authentication/oidc",
    "authorization_endpoint": "https://ed.link/api/authentication/oidc/authorize",
    "token_endpoint": "https://ed.link/api/authentication/oidc/token",
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
    "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
    "userinfo_endpoint": "https://ed.link/api/authentication/oidc/userinfo",
    "jwks_uri": "https://ed.link/api/authentication/oidc/jwks",
    "scopes_supported": ["openid", "profile", "email"],
    "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "id_token token", "code id_token token", "none"],
    "subject_types_supported": ["public"],
    "userinfo_signing_alg_values_supported": ["RS256"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "introspection_endpoint": "https://ed.link/api/authentication/oidc/introspect",
    "introspection_endpoint_auth_methods_supported": ["client_secret_basic"],
    "revocation_endpoint": "https://ed.link/api/authentication/oidc/revoke",
    "revocation_endpoint_auth_methods_supported": ["client_secret_basic"],
    "service_documentation": "https://ed.link/docs",
    "ui_locales_supported": ["en-US"]
}

How to Use the Well-Known Configuration

1. Issuer

The issuer field is Edlink's identifier. It must exactly match the iss claim in the ID Token.

"issuer": "https://ed.link/api/authentication/oidc"

2. Authorization Endpoint

This endpoint is used to initiate the authentication request. Clients redirect users to this endpoint to start the login process.

"authorization_endpoint": "https://ed.link/api/authentication/oidc/authorize"

3. Token Endpoint

After authentication, clients use this endpoint to exchange the authorization code for an access token.

"token_endpoint": "https://ed.link/api/authentication/oidc/token"

4. Token Endpoint Authentication Methods Supported

Lists the supported methods for client authentication at the token endpoint.

"token_endpoint_auth_methods_supported": [
  "client_secret_basic"
]

5. Token Endpoint Authentication Signing Algorithms Supported

Specifies the signing algorithms the token endpoint supports for JWTs that a client uses to authenticate itself.

"token_endpoint_auth_signing_alg_values_supported": [
  "RS256"
]

6. Userinfo Endpoint

This endpoint provides user profile information. Clients use the access token to retrieve user details from this endpoint.

"userinfo_endpoint": "https://ed.link/api/authentication/oidc/userinfo"

7. JWKS URI

The JSON Web Key Set (JWKS) URI is used to retrieve the public keys necessary to verify the signatures of tokens.

"jwks_uri": "https://ed.link/api/authentication/oidc/jwks"

8. Scopes Supported

The scopes define the level of access requested by the client. The supported scopes in this configuration include openid, profile, and email.

"scopes_supported": [
  "openid",
  "profile",
  "email"
]

9. Response Types Supported

Defines the types of responses supported by the authorization endpoint.

"response_types_supported": [
  "code",
  "token",
  "id_token",
  "code token",
  "code id_token",
  "id_token token",
  "code id_token token",
  "none"
]

10. Subject Types Supported

Indicates the types of subject identifiers supported. In this case, only public is supported.

"subject_types_supported": [
  "public"
]

11. Userinfo Signing Algorithms Supported

Specifies the algorithms supported for signing the Userinfo responses.

"userinfo_signing_alg_values_supported": [
  "RS256"
]

12. ID Token Signing Algorithms Supported

Lists the algorithms supported for signing ID tokens.

"id_token_signing_alg_values_supported": [
  "RS256"
]

13. Introspection Endpoint

Clients use this endpoint to introspect (validate) access tokens.

"introspection_endpoint": "https://ed.link/api/authentication/oidc/introspect"

14. Introspection Endpoint Authentication Methods Supported

Defines the supported authentication methods for the introspection endpoint.

"introspection_endpoint_auth_methods_supported": [
  "client_secret_basic"
]

15. Revocation Endpoint

This endpoint revokes access tokens. It is typically used when a client wants to invalidate a token before it expires.

"revocation_endpoint": "https://ed.link/api/authentication/oidc/revoke"

16. Revocation Endpoint Authentication Methods Supported

Specifies the supported authentication methods for the revocation endpoint.

"revocation_endpoint_auth_methods_supported": [
  "client_secret_basic"
]

17. Service Documentation

A link to the documentation for further information and detailed guides on how to use Edlink's OIDC provider.

"service_documentation": "https://ed.link/docs"

18. UI Locales Supported

Indicates the supported locales for the user interface, which in this case includes English (United States).

"ui_locales_supported": [
  "en-US"
]
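
The issuer, jwks_uri and id_token_signing_alg_values_supported fields above translate directly into client-side checks. The following Python code is an added example, not Edlink's code: it validates a fetched discovery document and pre-checks an ID token's alg header and iss claim against it. The same-host rule for endpoints is an assumed client policy, the function names are hypothetical, and signature verification with the keys from jwks_uri is still required and is not shown.

```python
import base64
import json
from urllib.parse import urlsplit

# Constructed sample: a subset of the configuration shown on this page.
DISCOVERY = {
    "issuer": "https://ed.link/api/authentication/oidc",
    "authorization_endpoint": "https://ed.link/api/authentication/oidc/authorize",
    "token_endpoint": "https://ed.link/api/authentication/oidc/token",
    "jwks_uri": "https://ed.link/api/authentication/oidc/jwks",
    "id_token_signing_alg_values_supported": ["RS256"],
}


def check_discovery(doc, expected_issuer):
    """Return a list of problems found in a fetched discovery document."""
    problems = []
    if doc.get("issuer") != expected_issuer:  # exact string comparison
        problems.append("issuer mismatch")
    issuer_host = urlsplit(expected_issuer).hostname
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key} is not https")
        elif url.hostname != issuer_host:  # assumption: same-host policy
            problems.append(f"{key} is on an unexpected host")
    return problems


def b64url_json(segment):
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("JWT segment is not a JSON object")
    return obj


def precheck_id_token(token, doc):
    """Checks to run before signature verification; returns a list of problems."""
    try:
        head, body, _sig = token.split(".")  # wrong segment count raises ValueError
        header, claims = b64url_json(head), b64url_json(body)
    except ValueError:
        return ["malformed token"]
    problems = []
    if header.get("alg") not in doc["id_token_signing_alg_values_supported"]:
        problems.append("alg not advertised by provider")  # rejects none, HS256, ...
    if claims.get("iss") != doc["issuer"]:
        problems.append("iss does not match issuer")
    return problems
```

A token that passes precheck_id_token has only cleared the cheap checks; treat it as untrusted until its RS256 signature verifies against a key from jwks_uri.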