Introduction

The CoreOne Authentication Service offers various endpoints according to the OIDC specification. Each of the endpoints is briefly described here.

Discovery Endpoint

The discovery endpoint can be used by applications to retrieve the metadata about the CoreOne Authentication Service. It contains information about all the other endpoints, the configured claims, scopes and so on.

Authorization Endpoint

The authorization endpoint can be used to request tokens.

User Info Endpoint

The user info endpoint can be used to retrieve information about the user. In order to retrieve data from this endpoint, the caller needs to provide a valid access token.

Device Authorization Endpoint

The device authorization endpoint can be used to request device and user codes, typically used by device flow authorization process.

Introspection Endpoint

The introspection endpoint validates whether a token has access to the API resource and if the token is active. Authentication at the introspection endpoint occurs using the API resource's secret

Request

Response

Revocation Endpoint

The revocation endpoint allows the revocation of access tokens (reference tokens only Token | Self Contained vs Reference Token) and refresh tokens.

Request

• token

  The token to revoke (required)

• token_type_hint

  Either access_token or refresh_token (optional)

Response

End Session Endpoint

The end session endpoint can be used to trigger a single sign-out process.

Request

• post_logout_url

  Where the user should be redirected to after the logout

• id_token_hint

  The actual id token of the user to identify the user

Response