# OpenID Discovery Endpoint ``` GET /.well-known/openid-configuration ``` The OpenID Discovery Endpoint provides essential metadata about the OpenID Provider (OP) configuration. This metadata allows Relying Parties (RPs) to dynamically configure their interactions with the OP. {% hint style="info" %} Responses from the OpenID Discovery Endpoint should be cached for at least 1 hour to minimize repeated requests during OIDC/OAuth2 operations. {% endhint %} #### Response Response Example ```http HTTP/2 200 content-type: application/json; charset=utf-8 content-length: 1667   { "authorization_endpoint": "https://stg-id.corppass.gov.sg/mga/sps/oauth/oauth20/authorize", "claims_parameter_supported": false, "claims_supported": [ "nonce", "aud", "iss", "sub", "exp", "iat", "userInfo", "entityInfo", "AuthInfo", "TPAuthInfo", "rt_hash", "at_hash", "amr", "email", "email_verified", "sid", "auth_time", "EntityInfo" ], "code_challenge_methods_supported": [ "S256" ], "grant_types_supported": [ "authorization_code" ], "issuer": "https://stg-id.corppass.gov.sg", "jwks_uri": "https://stg-id.corppass.gov.sg/.well-known/keys", "authorization_response_iss_parameter_supported": false, "response_modes_supported": [ "form_post", "fragment", "query" ], "response_types_supported": [ "code" ], "scopes_supported": [ "openid" ], "subject_types_supported": [ "public" ], "token_endpoint_auth_methods_supported": [ "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "ES256", "ES256K", "ES384", "ES512" ], "token_endpoint": "https://stg-id.corppass.gov.sg/mga/sps/oauth/oauth20/token", "id_token_signing_alg_values_supported": [ "ES256" ], "id_token_encryption_alg_values_supported": [ "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES+A256KW" ], "id_token_encryption_enc_values_supported": [ "A256CBC-HS512" ], "request_parameter_supported": false, "request_uri_parameter_supported": false, "userinfo_endpoint": "https://stg-id.corppass.gov.sg/authorization-info", "userinfo_signing_alg_values_supported": [ "ES256" ], "userinfo_encryption_alg_values_supported": [ "A128KW", "A256KW", "ECDH-ES", "RSA-OAEP", "RSA-OAEP-256", "dir" ], "userinfo_encryption_enc_values_supported": [ "A128CBC-HS256", "A128GCM", "A256CBC-HS512", "A256GCM" ], "claim_types_supported": [ "normal" ], "name": "corppass", "authorization-info_endpoint": "https://stg-id.corppass.gov.sg/authorization-info" } ``` Response Fields
FieldTypeDescription
issuerStringThe URL identifying the OpenID Provider (OP) as the issuer of tokens. Defined in RFC 7519, Section 4.1.1.
authorization_endpointStringThe URL of the OP's OAuth 2.0 Authorization Endpoint, where users authenticate and provide consent. Refer to OpenID Connect Core 1.0, Section 3.1.2.
jwks_uriStringThe URL of the OP's JSON Web Key Set (JWKS) endpoint. Clients use this endpoint to retrieve public keys for validating token signatures. Refer to RFC 7517, Section 4.
response_types_supportedArrayJSON array containing a list of OAuth 2.0 response_type values that the OP supports. Defined in OAuth 2.0 Multiple Response Type Encoding Practices.
scopes_supportedArrayJSON array listing the OAuth 2.0 scope values that the OP supports, such as openid, which is mandatory for OpenID Connect flows.
subject_types_supportedArrayJSON array containing a list of Subject Identifier types that the OP supports, such as public or pairwise. Refer to OpenID Connect Core 1.0, Section 8.
claims_supportedArrayJSON array containing a list of Claim Names the OP may supply in tokens or the UserInfo response. Defined in OpenID Connect Core 1.0, Section 5.1.
grant_types_supportedArrayJSON array listing the OAuth 2.0 grant_type values supported by the OP, such as authorization_code or refresh_token. Refer to RFC 6749, Section 4.
token_endpointStringThe URL of the OP's OAuth 2.0 Token Endpoint. Clients exchange an authorization code for tokens at this endpoint.
token_endpoint_auth_methods_supportedArrayJSON array listing the client authentication methods supported by the Token Endpoint, such as private_key_jwt. Refer to OpenID Connect Core 1.0, Section 9.
token_endpoint_auth_signing_alg_values_supportedArrayJSON array listing the JWS signing algorithms (alg values) supported by the Token Endpoint for JWT authentication. Refer to RFC 7518, Section 3.1.
id_token_signing_alg_values_supportedArrayJSON array listing the JWS signing algorithms (alg values) supported by the OP for signing ID Tokens. Defined in RFC 7518, Section 3.1.
id_token_encryption_alg_values_supportedArrayJSON array listing the JWE encryption algorithms (alg values) supported by the OP for encrypting ID Tokens. Defined in RFC 7516, Section 4.1.1.
id_token_encryption_enc_values_supportedArrayJSON array listing the JWE encryption algorithms (enc values) supported by the OP for encrypting ID Tokens. Defined in RFC 7516, Section 4.1.2.
authorization-info_endpointStringThe URL of the OP's Authorization Info Endpoint, used to retrieve the user's authorization and third-party authorization details.
claims_parameter_supportedBooleanBoolean value indicating whether the OP supports the claims parameter to request specific claims. If omitted, the default value is false. Refer to OpenID Connect Core 1.0, Section 5.5.
code_challenge_methods_supportedArrayJSON array listing the Proof Key for Code Exchange (PKCE) code_challenge methods supported by the OP, such as S256. Defined in RFC 7636, Section 4.3.
authorization_response_iss_parameter_supportedBooleanBoolean indicating whether the OP includes the iss parameter in the authorization response. If omitted, the default value is false.
response_modes_supportedArrayJSON array listing OAuth 2.0 response_mode values supported by the OP, such as query or fragment. Defined in OAuth 2.0 Multiple Response Type Encoding Practices.
request_parameter_supportedBooleanBoolean indicating whether the OP supports the request parameter for JWT-based requests. Default is false if omitted.
request_uri_parameter_supportedBooleanBoolean indicating whether the OP supports the request_uri parameter. Default is true if omitted.
claim_types_supportedArrayJSON array listing the Claim Types supported by the OP, such as normal, aggregated, or distributed. Defined in OpenID Connect Core 1.0, Section 5.6.
userinfo_endpointStringThe URL of the OP's UserInfo Endpoint, used to retrieve claims about the authenticated user. Defined in OpenID Connect Core 1.0, Section 5.3.
userinfo_signing_alg_values_supportedArrayJSON array listing JWS signing algorithms (alg values) supported by the UserInfo Endpoint for encoding claims in a JWT. Defined in RFC 7515, Section 4.
userinfo_encryption_alg_values_supportedArrayJSON array listing JWE encryption algorithms (alg values) supported by the UserInfo Endpoint for encrypting claims in a JWT. Defined in RFC 7516, Section 4.1.1.
userinfo_encryption_enc_values_supportedArrayJSON array listing JWE encryption algorithms (enc values) supported by the UserInfo Endpoint for encrypting claims in a JWT. Defined in RFC 7516, Section 4.1.2.
{% hint style="info" %} The `userinfo_endpoint` in OIDC is analogous to the `authorization-info_endpoint` in the Corppass Authorization system, which provides similar functionalities, offering detailed information about the authenticated user after a successful login. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.corppass.gov.sg/technical-specifications/corppass-authorization-api-legacy/endpoints/well-known-endpoints/openid-discovery-endpoint.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.