OpenID Connect & OAuth endpoints
These URLs are served by this host (same origin as the UI). Use them when configuring OAuth 2.0 / OpenID Connect clients.
| Area | Method | Path | Description |
|---|---|---|---|
| Discovery | GET | /.well-known/openid-configuration | OpenID Provider metadata (JSON). |
| GET | /.well-known/jwks.json | Signing keys for validating id_token / access tokens. |
|
| OAuth | GET | /connect/authorize |
Authorization endpoint (browser redirect; requires PKCE S256 and openid scope). |
| GET | /connect/authorize/resume |
Internal step after sign-in; completes the code flow redirect. | |
| POST | /connect/token |
Token endpoint (application/x-www-form-urlencoded). Grants: authorization_code, refresh_token. |
|
| UserInfo | GET / POST | /connect/userinfo |
Returns claims for the access token subject (send Authorization: Bearer). |
Register redirect URIs and allowed scopes under Administration → Applications (requires the appropriate role).