# OpenID Discovery Endpoint The **OpenID Discovery Endpoint** provides essential metadata about OpenID Provider (OP) - in this case, Corppass - configuration. This JSON document allows Relying Parties (RPs) to dynamically configure their interactions, ensuring they always use the correct endpoints, cryptographic algorithms, and supported features. ## Request ```http GET /.well-known/openid-configuration ``` ## Response The response is a JSON object containing the OpenID Provider (OP) metadata. {% hint style="info" %} **Performance Note: Caching** Responses from the OpenID Discovery Endpoint should be cached for at least 1 hour to minimize repeated requests during OIDC / OAuth2 operations. {% endhint %}
FieldTypeDescription
issuerStringThe URL identifying the OpenID Provider (OP) as the issuer of tokens. Defined in RFC 7519, Section 4.1.1.
jwks_uriStringThe URL of the OP's JSON Web Key Set (JWKS) endpoint. Clients use this endpoint to retrieve public keys for validating token signatures. Refer to RFC 7517, Section 4.
scopes_supportedArrayJSON array listing the OAuth 2.0 scope values that the OP supports, such as openid, which is mandatory for OpenID Connect flows.
claims_supportedArrayJSON array containing a list of Claim Names the OP may supply in tokens or the UserInfo response. Defined in OpenID Connect Core 1.0, Section 5.1.
claim_types_supportedArrayJSON array listing the Claim Types supported by the OP, such as normal, aggregated, or distributed. Defined in OpenID Connect Core 1.0, Section 5.6.
claims_parameter_supportedBooleanBoolean value indicating whether the OP supports the claims parameter to request specific claims. If omitted, the default value is false. Refer to OpenID Connect Core 1.0, Section 5.5.
subject_types_supportedArrayJSON array containing a list of Subject Identifier types that the OP supports, such as public or pairwise. Refer to OpenID Connect Core 1.0, Section 8.
code_challenge_methods_supportedArrayJSON array listing the Proof Key for Code Exchange (PKCE) code_challenge methods supported by the OP, such as S256. Defined in RFC 7636, Section 4.3.
grant_types_supportedArrayJSON array listing the OAuth 2.0 grant_type values supported by the OP, such as authorization_code or refresh_token. Refer to RFC 6749, Section 4.
request_parameter_supportedBooleanBoolean indicating whether the OP supports the request parameter for JWT-based requests. Default is false if omitted.
request_uri_parameter_supportedBooleanBoolean indicating whether the OP supports the request_uri parameter. Default is true if omitted.
response_types_supportedArrayJSON array containing a list of OAuth 2.0 response_type values that the OP supports. Defined in OAuth 2.0 Multiple Response Type Encoding Practices.
response_modes_supportedArrayJSON array listing OAuth 2.0 response_mode values supported by the OP, such as query or fragment. Defined in OAuth 2.0 Multiple Response Type Encoding Practices.
authorization_endpointStringThe URL of the OP's OAuth 2.0 Authorization Endpoint, where users authenticate and provide consent. Refer to OpenID Connect Core 1.0, Section 3.1.2.
authorization_response_iss_parameter_supportedBooleanBoolean indicating whether the OP includes the iss parameter in the authorization response. If omitted, the default value is false.
token_endpointStringThe URL of the OP's OAuth 2.0 Token Endpoint. Clients exchange an authorization code for tokens at this endpoint.
token_endpoint_auth_methods_supportedArrayJSON array listing the client authentication methods supported by the Token Endpoint, such as private_key_jwt. Refer to OpenID Connect Core 1.0, Section 9.
token_endpoint_auth_signing_alg_values_supportedArrayJSON array listing the JWS signing algorithms (alg values) supported by the Token Endpoint for JWT authentication. Refer to RFC 7518, Section 3.1.
id_token_signing_alg_values_supportedArrayJSON array listing the JWS signing algorithms (alg values) supported by the OP for signing ID Tokens. Defined in RFC 7518, Section 3.1.
id_token_encryption_alg_values_supportedArrayJSON array listing the JWE encryption algorithms (alg values) supported by the OP for encrypting ID Tokens. Defined in RFC 7516, Section 4.1.1.
id_token_encryption_enc_values_supportedArrayJSON array listing the JWE encryption algorithms (enc values) supported by the OP for encrypting ID Tokens. Defined in RFC 7516, Section 4.1.2.
userinfo_endpointStringThe URL of the OP's UserInfo Endpoint, used to retrieve claims about the authenticated user. Defined in OpenID Connect Core 1.0, Section 5.3.
userinfo_signing_alg_values_supportedArrayJSON array listing JWS signing algorithms (alg values) supported by the UserInfo Endpoint for encoding claims in a JWT. Defined in RFC 7515, Section 4.
userinfo_encryption_alg_values_supportedArrayJSON array listing JWE encryption algorithms (alg values) supported by the UserInfo Endpoint for encrypting claims in a JWT. Defined in RFC 7516, Section 4.1.1.
userinfo_encryption_enc_values_supportedArrayJSON array listing JWE encryption algorithms (enc values) supported by the UserInfo Endpoint for encrypting claims in a JWT. Defined in RFC 7516, Section 4.1.2.
userinfo_signing_alg_values_supportedArrayJSON array listing JWS signing algorithms (alg values) supported by the UserInfo Endpoint for encoding claims in a JWT. Defined in RFC 7515, Section 4.
### Sample Response ```http HTTP/2 200 content-type: application/json; charset=utf-8 content-length: 1667   { "name": "corppass", "issuer": "https://id.corppass.gov.sg", "jwks_uri": "https://id.corppass.gov.sg/.well-known/keys", "scopes_supported": [...], "claims_supported": [...], "claim_types_supported": [...], "claims_parameter_supported": false, "subject_types_supported": [...], "code_challenge_methods_supported": [...], "grant_types_supported": [...], "request_parameter_supported": false, "request_uri_parameter_supported": false, "response_types_supported": [...], "response_modes_supported": [...], "pushed_authorization_request_endpoint": "https://id.corppass.gov.sg/request", "authorization_endpoint": "https://id.corppass.gov.sg/mga/sps/oauth/oauth20/authorize", "authorization_response_iss_parameter_supported": false, "token_endpoint": "https://id.corppass.gov.sg/mga/sps/oauth/oauth20/token", "token_endpoint_auth_methods_supported": [...], "token_endpoint_auth_signing_alg_values_supported": [...], "id_token_signing_alg_values_supported": [...], "id_token_encryption_alg_values_supported": [...], "id_token_encryption_enc_values_supported": [...], "userinfo_endpoint": "https://id.corppass.gov.sg/userinfo", "userinfo_signing_alg_values_supported": [...], "userinfo_encryption_alg_values_supported": [...], "userinfo_encryption_enc_values_supported": [...] } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.corppass.gov.sg/technical-specifications/corppass-authorization-api-fapi-2.0/integration-guide/0.-well-known-endpoints/openid-discovery-endpoint.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.