API ReferenceTenant Identity

Retrieve OpenID Configuration for current Org

View as Markdown
Public OIDC discovery document pointing at the JWKS URIs. No authentication required. `id_token_signing_alg_values_supported` is intentionally empty because NICo issues bearer access JWTs, not OIDC `id_token`s; strict OIDC client libraries that require a non-empty algorithm list will reject this document. Use the JWKS endpoint directly for signature verification. Returns `404` when no identity material exists for this org/site.

Path parameters

orgstringRequired
Name of the Org
siteIDstringRequiredformat: "uuid"
ID of the Site

Response

OpenID discovery document
issuerstring
Issuer URL for OpenID Connect discovery
jwks_uristringformat: "uri"
URL of the JSON Web Key Set used to verify tokens
response_types_supportedlist of strings
OAuth response types supported by this issuer
subject_types_supportedlist of strings
Subject identifier types supported by this issuer
id_token_signing_alg_values_supportedlist of strings
ID token signing algorithms supported by this issuer
spiffe_jwks_uristringformat: "uri"

URL of the SPIFFE JSON Web Key Set used to verify SPIFFE JWT-SVIDs

Errors

404
Not Found Error
500
Internal Server Error
503
Service Unavailable Error