IdentityServer4接口说明
Discovery定义了一个服务发现的规范,它定义了一个api( /.well-known/openid-configuration ),这个api返回一个json数据结构,其中包含了一些OIDC中提供的服务以及其支持情况的描述信息,这样可以使得oidc服务的RP不必再硬编码OIDC服务接口信息。RP应通过HTTPS获取该文档,并校验返回的issuer与自己配置的发行者完全一致。这个api返回的示例信息如下(这里面只是一部分)。
{
//发⾏⽹址,也就是说我们的权限验证站点。
"issuer": "localhost:44330",
//JSON Web Key Set(JWKS)文档的网址,客户端用其中的公钥验证令牌签名。
"jwks_uri": "localhost:44330/.well-known/openid-configuration/jwks",
//授权服务器的授权端点的URL。
"authorization_endpoint": "localhost:44330/connect/authorize",
//获取token的网址
"token_endpoint": "localhost:44330/connect/token",
//根据token获取⽤户信息
"userinfo_endpoint": "localhost:44330/connect/userinfo",
//登录注销。
"end_session_endpoint": "localhost:44330/connect/endsession",
//客户端对check_session_iframe执⾏监视,可以获取⽤户的登出状态。
"check_session_iframe": "localhost:44330/connect/checksession",
//这个⽹址允许撤销访问令牌(仅access tokens 和reference tokens)。它实现了令牌撤销规范(RFC 7009)。
"revocation_endpoint": "localhost:44330/connect/revocation",
//introspection_endpoint是RFC 7662的实现。它可以用于验证reference tokens(如果使用方没有合适的JWT或加密库,也可以用于验证JWT)。
"introspection_endpoint": "localhost:44330/connect/introspect",
"device_authorization_endpoint": "localhost:44330/connect/deviceauthorization",
//可选。基于前端的注销机制。
"frontchannel_logout_supported": true,
//可选。基于session的注销机制。
"frontchannel_logout_session_supported": true,
//指⽰OP⽀持后端通道注销
"backchannel_logout_supported": true,
//可选的。指定RP是否需要在注销令牌中包含sid(session ID)声明,以在使用backchannel_logout_uri时用OP标识RP会话。如果省略,默认值为false。
"backchannel_logout_session_supported": true,
//⽀持的范围
"scopes_supported": [
"openid",
"profile",
"email",
"address",
"phone",
"role",
"Open",
"offline_access"
],
//支持的claims
"claims_supported": [
"sub",
"birthdate",
"family_name",
"gender",
"given_name",
"locale",
"middle_name",
"name",
"nickname",
"picture",
"preferred_username",
"profile",
"updated_at",
"website",
"zoneinfo",
"email",
"email_verified",
"address",
"phone_number",
"phone_number_verified",
"role"
],
//支持的授权类型(grant type)。注意:implicit和password已不被OAuth 2.0安全最佳实践推荐,新客户端应使用authorization_code并配合PKCE。
"grant_types_supported": [
"authorization_code",
"client_credentials",
"refresh_token",
"implicit",
"password",
"urn:ietf:params:oauth:grant-type:device_code"
],
"response_types_supported": [
"code",
"token",
"id_token",
"id_token token",
"code id_token",
"code token",
"code id_token token"
],
"response_modes_supported": [
"form_post",
"query",
"fragment"
],
"token_endpoint_auth_methods_supported": [ "client_secret_basic",
"client_secret_post"
],
"id_token_signing_alg_values_supported": [ "RS256"
],
"subject_types_supported": [
"public"
],
//支持的PKCE code_challenge方法。plain不对code_verifier做哈希,客户端应优先使用S256。
"code_challenge_methods_supported": [ "plain",
"S256"
],
"request_parameter_supported": true
}