IdP API Reference

Discovery — IdP API

Discovery endpoints for OpenID Connect and OAuth 2.0 configuration. These endpoints provide metadata about the authorization server, including supported features, endpoints, and cryptographic keys.

Base URL: https://idp.authpi.com — see the IdP API overview for the supported flows, or try these endpoints in the interactive reference.

GET /{issuer_id}/jwks.json

Issuer JSON Web Key Set

Returns the JSON Web Key Set (JWKS) for a specific issuer.

This is the issuer-specific JWKS endpoint referenced in the OpenID Connect Discovery document (jwks_uri). Currently, AuthPI uses the same signing keys across all issuers, but this may change in the future.

Recommendation: Always use the jwks_uri from the discovery document rather than constructing the URL manually.

Path parameters

Name | Type | Required | Description
issuer_id | string | Required | The unique identifier for the issuer/tenant

Responses

Code | Description | Schema
200 | JSON Web Key Set containing public signing keys for this issuer | IssuerJWKS
404 | Not Found - The requested resource does not exist. | OAuthError
405 | |
429 | Too Many Requests - Rate limit exceeded. | OAuthError
500 | Internal Server Error - An unexpected error occurred. | OAuthError

GET /{issuer_id}/.well-known/openid-configuration

OpenID Connect Discovery

Returns the OpenID Connect Discovery document (OpenID Connect Discovery 1.0).

This endpoint provides metadata about the OpenID Provider, including:

  • Endpoints: Authorization, token, userinfo, and JWKS URIs
  • Supported features: Grant types, response types, scopes, and claims
  • Authentication methods: Supported client authentication mechanisms
  • Cryptographic capabilities: Signing algorithms and PKCE support

Clients SHOULD cache this document and refresh it periodically (recommended: every 24 hours).

Specification: OpenID Connect Discovery 1.0
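The caching advice here and the jwks_uri recommendation under the JWKS endpoint can be combined in one small client. The sketch below is an added example, not AuthPI code: DiscoveryCache, the injected fetch callable and the tenant "example-tenant" are hypothetical, and it assumes the issuer identifier is the base URL plus the issuer_id, as OpenID Connect Discovery 1.0 implies for this URL layout.

```python
import json
import time
from urllib.parse import urlsplit

BASE_URL = "https://idp.authpi.com"            # base URL given on this page
SUFFIX = "/.well-known/openid-configuration"
CACHE_TTL = 24 * 60 * 60                       # the recommended 24-hour refresh

class DiscoveryError(Exception):
    """The discovery document failed a consistency check."""

class DiscoveryCache:
    def __init__(self, issuer_id, fetch, clock=time.time):
        # Assumption: the issuer identifier is BASE_URL/{issuer_id}, i.e. the
        # discovery URL minus its well-known suffix (OIDC Discovery 1.0).
        self.issuer = f"{BASE_URL}/{issuer_id}"
        self.fetch = fetch    # callable(url) -> JSON text; injected, so no network here
        self.clock = clock
        self._doc, self._expires = None, 0.0

    def document(self):
        if self._doc is None or self.clock() >= self._expires:
            doc = json.loads(self.fetch(self.issuer + SUFFIX))
            self._check(doc)  # a document that fails never replaces a cached good one
            self._doc, self._expires = doc, self.clock() + CACHE_TTL
        return self._doc

    def _check(self, doc):
        # The issuer in the document must equal the issuer we asked about, exactly.
        issuer = doc.get("issuer") if isinstance(doc, dict) else None
        if issuer != self.issuer:
            raise DiscoveryError(f"issuer mismatch: {issuer!r}")
        jwks = urlsplit(str(doc.get("jwks_uri", "")))
        if jwks.scheme != "https" or not jwks.netloc:
            raise DiscoveryError("jwks_uri missing or not an https URL")

    def jwks_uri(self):
        # Taken from the document, never assembled from issuer_id by hand.
        return self.document()["jwks_uri"]

# Constructed sample response for a placeholder tenant "example-tenant".
SAMPLE = json.dumps({
    "issuer": "https://idp.authpi.com/example-tenant",
    "jwks_uri": "https://idp.authpi.com/example-tenant/jwks.json",
})

if __name__ == "__main__":
    cache = DiscoveryCache("example-tenant", fetch=lambda url: SAMPLE)
    print(cache.jwks_uri())
```

In real use, fetch would be an HTTPS GET with certificate verification and a timeout.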

Path parameters

Name | Type | Required | Description
issuer_id | string | Required | The unique identifier for the issuer/tenant

Responses

Code | Description | Schema
200 | OpenID Connect Discovery document with provider metadata | OpenIDConfiguration
404 | Not Found - The requested resource does not exist. | OAuthError
405 | |
429 | Too Many Requests - Rate limit exceeded. | OAuthError
500 | Internal Server Error - An unexpected error occurred. | OAuthError

GET /{issuer_id}/.well-known/oauth-authorization-server

OAuth 2.0 Authorization Server Metadata

Returns the OAuth 2.0 Authorization Server Metadata document (RFC 8414).

This endpoint provides metadata about the OAuth 2.0 authorization server, including endpoints and supported features. Use this for OAuth 2.0 clients that don't require OpenID Connect features.

For full OIDC functionality, use the /.well-known/openid-configuration endpoint instead.

Specification: RFC 8414 - OAuth 2.0 Authorization Server Metadata

Path parameters

Name | Type | Required | Description
issuer_id | string | Required | The unique identifier for the issuer/tenant

Responses

Code | Description | Schema
200 | OAuth 2.0 Authorization Server Metadata document | OAuth2Metadata
404 | Not Found - The requested resource does not exist. | OAuthError
405 | |
429 | Too Many Requests - Rate limit exceeded. | OAuthError
500 | Internal Server Error - An unexpected error occurred. | OAuthError