Authorization Endpoint defined in RFC 6749#Authorization endpoint defined in RFC 6749, used to obtain an Authorization Grant from the Resource Owner: Example:
Token Endpoint defined in RFC 6749#Token Endpoint defined in RFC 6749, used to obtain an access token from the authorization server Example:
Token Info Endpoint#Endpoint not defined in RFC 6749, used to validate tokens, and to retrieve information such as scopes
Given an Access Token, a Resource Server can perform an HTTP GET on /oauth2/tokeninfo?access_token=token-id to retrieve a JSON object indicating token_type, expires_in, scope, and the access_token ID.
Resource Servers — or any party having the token ID — can get token information through this endpoint without authenticating. This means any application or user can validate the token without having to be registered with OpenAM.
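The Resource Server side of the tokeninfo check described above, as an added example that is not OpenAM's own code. The host name, the function names, the `error` key, the accepted scope encodings and the expectation of a Bearer token are assumptions; the sample responses are constructed.

```python
import json
from urllib.parse import urlencode

# Assumption: hypothetical base URL of the OpenAM deployment.
OPENAM_BASE = "https://openam.example.com/openam"

def tokeninfo_url(token_id):
    """Build the GET URL; urlencode stops a crafted token from adding parameters."""
    return OPENAM_BASE + "/oauth2/tokeninfo?" + urlencode({"access_token": token_id})

def check_tokeninfo(body, presented_token, required_scopes):
    """Return (ok, reason) for a tokeninfo JSON body fetched by the Resource Server."""
    try:
        info = json.loads(body)
    except ValueError:
        return False, "response is not JSON"
    # Assumption: a rejected token is reported through an "error" key.
    if not isinstance(info, dict) or "error" in info:
        return False, "token rejected by authorization server"
    # The response must describe the token that was actually presented.
    if info.get("access_token") != presented_token:
        return False, "access_token mismatch"
    # Assumption: this Resource Server only accepts Bearer tokens.
    if str(info.get("token_type", "")).lower() != "bearer":
        return False, "unexpected token_type"
    expires_in = info.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        return False, "token expired"
    # Assumption: scope arrives as a JSON array or a space-delimited string.
    scope = info.get("scope") or []
    granted = set(scope.split() if isinstance(scope, str) else scope)
    missing = set(required_scopes) - granted
    if missing:
        return False, "missing scope: " + ",".join(sorted(missing))
    return True, "ok"

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = ('{"token_type": "Bearer", "expires_in": 577, '
             '"scope": ["mail", "cn"], "access_token": "tok-constructed-1"}')
SAMPLE_EXPIRED = ('{"token_type": "Bearer", "expires_in": 0, '
                  '"scope": "mail cn", "access_token": "tok-constructed-1"}')

if __name__ == "__main__":
    print(tokeninfo_url("tok-constructed-1"))
    print(check_tokeninfo(SAMPLE_OK, "tok-constructed-1", ["mail"]))
    print(check_tokeninfo(SAMPLE_EXPIRED, "tok-constructed-1", ["mail"]))
```

Because the token ID travels in the query string of an unauthenticated GET, it should be kept out of access logs and treated as a secret by every party that handles it.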
Discovering Provider configuration URI Endpoint#OpenAM exposes Endpoints for discovering information about the provider configuration, and about the provider for a given end user.
For examples, see Configuring OpenAM For OpenID Connect Discovery. OpenID Connect client applications. For dynamic registration according to the OAuth 2.0 Dynamic Client Registration Protocol specification, the Registration Endpoint is
Performing OpenID Connect 1.0 Client Authorization#Registered Relying Party can request authorization through OpenAM.
OpenID Connect 1.0 supports both the OAuth 2.0 Authorization Code Grant and an Implicit Grant. These client profiles rely on the Authorization_endpoint. Those OAuth 2.0 Endpoints are described in OAuth 2.0 Client & Resource Server Endpoints. Userinfo_endpoint
Managing OpenID Connect 1.0 Sessions#Registered clients can use OpenID Connect Session Management 1.0 to handle end user logout actions.
- /oauth2/connect/checkSession allows clients to retrieve session status notifications.
- /oauth2/connect/endSession allows clients to terminate end user sessions.
For an example, see Managing User Sessions.