Fortinet black logo

REST API Solution Guide

OIDC Connect Discovery Info

OIDC Connect Discovery Info

URL: https://[server_name]/api/v1/oauth/.well-known/oauth-authorization-server/

URL: https://[server_name]/api/v1/oauth/.well-known/openid-configuration/

This endpoint provides auto discovery information to OIDC clients, telling them the JWT issuer to use, the location of the JWKs to verify JWTs with, the token and user info endpoints to query, and other details.

Example

curl -k -v -X GET https://[FAC_IP]/api/v1/oauth/.well-known/oauth-authorization-server/

Response:
{
    "issuer": "/api/v1/oauth",
    "authorization_endpoint": "/api/v1/oauth/api/v1/oauth/authorize/",
    "token_endpoint": "/api/v1/oauth/api/v1/oauth/token/",
    "userinfo_endpoint": "/api/v1/oauth/api/v1/oauth/userinfo/",
    "jwks_uri": "/api/v1/oauth/api/v1/oauth/.well-known/keys/",
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code token",
        "code id_token",
        "code id_token token"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ]
}

OIDC Connect Discovery Info

URL: https://[server_name]/api/v1/oauth/.well-known/oauth-authorization-server/

URL: https://[server_name]/api/v1/oauth/.well-known/openid-configuration/

This endpoint provides auto discovery information to OIDC clients, telling them the JWT issuer to use, the location of the JWKs to verify JWTs with, the token and user info endpoints to query, and other details.

Example

curl -k -v -X GET https://[FAC_IP]/api/v1/oauth/.well-known/oauth-authorization-server/

Response:
{
    "issuer": "/api/v1/oauth",
    "authorization_endpoint": "/api/v1/oauth/api/v1/oauth/authorize/",
    "token_endpoint": "/api/v1/oauth/api/v1/oauth/token/",
    "userinfo_endpoint": "/api/v1/oauth/api/v1/oauth/userinfo/",
    "jwks_uri": "/api/v1/oauth/api/v1/oauth/.well-known/keys/",
    "response_types_supported": [
        "code",
        "token",
        "id_token",
        "id_token token",
        "code token",
        "code id_token",
        "code id_token token"
    ],
    "subject_types_supported": [
        "public"
    ],
    "id_token_signing_alg_values_supported": [
        "RS256"
    ],
    "token_endpoint_auth_methods_supported": [
        "client_secret_post",
        "client_secret_basic"
    ]
}