!!! Overview

! [Authorization Endpoint|Authorization_endpoint] defined in [RFC 6749]
Authorization endpoint defined in [RFC 6749], used to obtain an [Authorization Grant] from the [Resource Owner].
Example: 
%%prettify 
{{{
https://openam.example.com:8443/openam/oauth2/authorize
}}} /%


! [Token Endpoint|Token_endpoint] defined in [RFC 6749]
[Token Endpoint|Token_endpoint] defined in [RFC 6749], used to obtain an access token from the authorization server.
Example: 
%%prettify 
{{{
https://openam.example.com:8443/openam/oauth2/access_token
}}} /%

! Token Info Endpoint
[Endpoint] __not__ defined in [RFC 6749], used to validate tokens and to retrieve information such as scopes.

Given an [Access Token], a [Resource Server] can perform an HTTP GET on /oauth2/tokeninfo?access_token=token-id to retrieve a [JSON] object indicating token_type, expires_in, scope, and the access_token ID.

Example: 
%%prettify 
{{{
https://openam.example.com:8443/openam/oauth2/tokeninfo
}}} /%

The [Authorization Endpoint|Authorization_endpoint] and [Token Endpoint|Token_endpoint] function as described in [RFC 6749].

The [Authorization Endpoint|Authorization_endpoint] is protected by the policy created during [OAuth 2.0] authorization server configuration, which grants access to all authenticated users.

[Resource Servers] (or any party holding the token ID) can get token information through the Token Info Endpoint without authenticating. This means any application or user can validate the token without having to be registered with [OpenAM].
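The following is an added example, not OpenAM code and not part of the original page, showing how a Resource Server could query the Token Info Endpoint and decide whether to honour a request. The function names, the sample response, the Bearer-only check, and the handling of scope as either a JSON array or a space-delimited string are assumptions.

```python
import json
import urllib.parse
import urllib.request

# Endpoint URL as shown on this page.
TOKENINFO_URL = "https://openam.example.com:8443/openam/oauth2/tokeninfo"

# Constructed sample response (not captured from a real server). It carries the
# four fields this page lists; scope as a JSON array is an assumption.
SAMPLE_RESPONSE = ('{"token_type": "Bearer", "expires_in": 577, '
                   '"scope": ["mail", "cn"], "access_token": "constructed-token-id"}')


def tokeninfo_url(token_id, base=TOKENINFO_URL):
    """Build the GET URL; refuse plain HTTP because the token travels in it."""
    if not base.lower().startswith("https://"):
        raise ValueError("tokeninfo must be queried over HTTPS")
    return base + "?" + urllib.parse.urlencode({"access_token": token_id})


def fetch_tokeninfo(token_id, timeout=5):
    """Live lookup; an HTTP error status raises urllib.error.HTTPError."""
    with urllib.request.urlopen(tokeninfo_url(token_id), timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def check_token(body, presented_token, required_scopes):
    """Return (allowed, reason) for a tokeninfo response body. Fails closed."""
    try:
        info = json.loads(body)
    except ValueError:
        return False, "malformed response"
    if not isinstance(info, dict):
        return False, "malformed response"
    if info.get("access_token") != presented_token:
        return False, "token id mismatch"
    if str(info.get("token_type", "")).lower() != "bearer":  # assumption: bearer only
        return False, "unexpected token_type"
    expires_in = info.get("expires_in")
    if isinstance(expires_in, bool) or not isinstance(expires_in, int) or expires_in <= 0:
        return False, "expired or missing expires_in"
    scope = info.get("scope")
    if isinstance(scope, str):  # assumption: space-delimited form
        scope = scope.split()
    granted = {s for s in scope if isinstance(s, str)} if isinstance(scope, list) else set()
    missing = sorted(set(required_scopes) - granted)
    if missing:
        return False, "missing scope: " + " ".join(missing)
    return True, "ok"
```

Because the token ID is sent in the query string, it can end up in web server and proxy access logs, so those logs should be treated as containing credentials.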

!! [OpenAM] [OpenID Connect] [Endpoints]

! Discovering [Provider configuration URI|Provider Configuration URI] [Endpoint]
[OpenAM] exposes [Endpoints] for discovering information about the provider configuration, and about the provider for a given end user.

%%prettify 
{{{
https://openam.example.com:8443/openam/.well-known/openid-configuration
}}} /%
This endpoint allows clients to retrieve [Identity Provider (IDP)] configuration by HTTP GET, as specified by [OpenID Connect Discovery].

! [WebFinger]
%%prettify 
{{{
https://openam.example.com:8443/openam/.well-known/webfinger
}}} /%
This endpoint allows clients to retrieve the [Provider Configuration URI] for an end user by HTTP GET, as specified by [OpenID Connect Discovery].

For examples, see Configuring OpenAM For OpenID Connect Discovery.

!! [OAuth 2.0 Dynamic Client Registration Protocol]
OpenAM allows both static and dynamic registration of [OpenID Connect] client applications. For dynamic registration according to the [OAuth 2.0 Dynamic Client Registration Protocol] specification, the [Registration Endpoint|Registration_endpoint] is:
%%prettify 
{{{
https://openam.example.com:8443/openam/oauth2/connect/register
}}} /%
See To Register a Client Dynamically for details.

! Performing OpenID Connect 1.0 Client Authorization
A registered [Relying Party] can request authorization through [OpenAM].

[OpenID Connect] 1.0 supports both the OAuth 2.0 [Authorization Code Grant] and the [Implicit Grant]. These client profiles rely on the [Authorization_endpoint]. Those [OAuth 2.0 Endpoints] are described in [OAuth 2.0] Client & Resource Server Endpoints.

!! [Userinfo_endpoint]
In addition, authorized clients can access end user information through the OpenID Connect 1.0 [Userinfo_endpoint]:
%%prettify 
{{{
https://openam.example.com:8443/openam/oauth2/userinfo
}}} /% 
For examples, see Client Examples.

!! Managing OpenID Connect 1.0 Sessions
Registered clients can use [OpenID Connect Session Management] 1.0 to handle end user logout actions.
* /oauth2/connect/checkSession allows clients to retrieve session status notifications.
* /oauth2/connect/endSession allows clients to terminate end user sessions.

For an example, see Managing User Sessions.
