OpenID Connect Relying Party Endpoints
- Applies to:
- MindTouch (current)
A list and descriptions of the relying party endpoints used in the OpenID Connect authorization code flow.
This solution is custom-configured for each client by MindTouch Professional Services. Elements and labels may differ from what is documented.
Consult the following table, assuming {id}
as a placeholder for an identity provider service id. In all cases, if the system cannot find an identity provider service id matching {id}
, a HTTP 404 response will be returned. If the matching identity provider service is disabled, a HTTP 403 response will be returned.
The string default can be used in place of any {id}
to use the configured default identity provider service.
Sign-In Endpoints
Endpoint | Description |
---|---|
/@app/auth/{id}/login?returnto={url} |
Responds with a HTTP redirect to a OpenID Connect identity provider authorize endpoint with a callback URL to the relying party's authorization code consumer endpoint. The optional URL encoded value of {url} is stored in an Expert site session, and is later used as a successful post-authentication HTTP redirect. If the request cannot be generated due to an error, the user is redirected to the homepage with an error message (public site behavior) or receives a HTTP 403 response (private site behavior). |
/@app/auth/{id}/code | The authorization code consumer endpoint receives an authorization code from an HTTP redirect. If the authorization code cannot be traded for a valid identity token from the identity provider's token endpoint, the user is redirected to the homepage with an error message (public site behavior) or receives a HTTP 403 response (private site behavior). |
Sign-Out Endpoints
Endpoint | Description |
---|---|
/Special:UserLogout | Signs the user out of the Expert site, and optionally redirects them to the identity provider they signed in with, if relying party initiated sign out has been configured. If the request cannot be generated due to an error, the user is redirected to the homepage with an error message. |