Introduction

The CoreOne Authentication Service offers various endpoints according to the OIDC specification. Each of the endpoints is briefly described here.

Discovery Endpoint

The discovery endpoint can be used by applications to retrieve the metadata about the CoreOne Authentication Service. It contains information about all the other endpoints, the configured claims, scopes and so on.

https://idp.coreone.ch/.well-known/openid-configuration

Authorization Endpoint

The authorization endpoint can be used to request tokens.

https://idp.coreone.ch/connect/authorize

User Info Endpoint

The user info endpoint can be used to retrieve information about the user. In order to retrieve data from this endpoint, the caller needs to provide a valid access token.

https://idp.coreone.ch/connect/userinfo

Device Authorization Endpoint

The device authorization endpoint can be used to request device and user codes. It is typically used by the device flow authorization process.

https://idp.coreone.ch/connect/deviceauthorization

Introspection Endpoint

The introspection endpoint validates whether a token has access to the API resource and whether the token is active. Authentication at the introspection endpoint uses the API resource's secret.

Request

POST https://idp.coreone.ch/connect/introspect
Authorization: Basic base64({api_resource_name}:{api_resource_secret})
Content-Type: application/x-www-form-urlencoded

token={access_token}

Response

Code | Message

200 |

{
    "nbf": "int",
    "exp": "int",
    "iss": "String",
    "aud": ["String"],
    "client_id": "String",
    "sub": "String",
    "auth_time": "int",
    "idp": "String",
    "given_name": "String",
    "family_name": "String",
    "c1s_appcustomerid": "String",
    "display_name": "String",
    "c1s_tenantid": "String",
    "c1s_coreidentityid": "String",
    "local": "String",
    "c1s_role": ["String"],
    "iat": "int",
    "amr": "String",
    "active": "boolean",
    "scope": "String"
}

400 | invalid request

401 | unauthorized request

Note: Before working with the response, always check if the IsError property is set to make sure the request was successful.
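
The check an API resource would run on the introspection response above, as an added example that is not CoreOne's own code: it builds the documented POST without sending it, then fails closed unless active is true, the token is inside its nbf/exp window, and the audience and scope match. The API name orders_api, its secret, the scope orders.read, the 60-second clock skew and the sample response are constructed for illustration.

```python
import base64
import time
import urllib.parse
import urllib.request

INTROSPECT_URL = "https://idp.coreone.ch/connect/introspect"  # from the page

# Constructed sample of a 200 response (values are illustrative only).
SAMPLE_RESPONSE = {
    "active": True, "nbf": 1700000000, "exp": 1700003600,
    "aud": ["orders_api"], "scope": "openid orders.read",
    "sub": "constructed-subject", "client_id": "constructed-client",
}


def build_introspection_request(api_name, api_secret, access_token):
    """Build (without sending) the POST documented for the endpoint."""
    creds = base64.b64encode(f"{api_name}:{api_secret}".encode()).decode()
    body = urllib.parse.urlencode({"token": access_token}).encode()
    return urllib.request.Request(
        INTROSPECT_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def token_is_acceptable(claims, expected_aud, required_scope, now=None, skew=60):
    """Fail closed: True only for an active, in-window token for this API."""
    now = time.time() if now is None else now
    if claims.get("active") is not True:  # missing, False or "true" all fail
        return False
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, int) or exp + skew <= now:  # expired or no expiry
        return False
    if isinstance(nbf, int) and nbf - skew > now:  # not valid yet
        return False
    aud = claims.get("aud") or []
    aud = [aud] if isinstance(aud, str) else aud
    if expected_aud not in aud:  # token was issued for another resource
        return False
    return required_scope in str(claims.get("scope", "")).split()


if __name__ == "__main__":
    req = build_introspection_request("orders_api", "constructed-secret", "tok")
    print(req.get_method(), req.full_url, req.data)
    print(token_is_acceptable(SAMPLE_RESPONSE, "orders_api", "orders.read",
                              now=1700000100))
```

An HTTP 200 from the endpoint only means the introspection call itself succeeded; the active field is what says whether the token may be used.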

Revocation Endpoint

The revocation endpoint allows the revocation of access tokens (reference tokens only, see https://itsense.atlassian.net/wiki/spaces/IKB/pages/1992982615/Token#Self-Contained-vs-Reference-Token) and refresh tokens.

Request

  • token

    The token to revoke (required)

  • token_type_hint

    Either access_token or refresh_token (optional)

POST https://idp.coreone.ch/connect/revocation 
Content-Type: application/x-www-form-urlencoded
Authorization: Basic base64({client_id}:{client_secret})

token={token}&token_type_hint={token_type_hint}

Response

Code | Message

200 |

End Session Endpoint

The end session endpoint can be used to trigger a single sign-out process.

https://idp.coreone.ch/connect/endsession 

Request

  • post_logout_url

    Where the user should be redirected to after the logout

  • id_token_hint

    The user's current ID token, used to identify the user

GET https://idp.coreone.ch/connect/endsession 
Content-Type: application/x-www-form-urlencoded

post_logout_url={post_logout_url}&id_token_hint={id_token_hint}

Response

Code | Message

302 | Redirect to the logout url

200 | If no logout url is specified
