
Obtaining and Using Authorisation Server's .well-known Endpoint

Using OpenID Discovery

The .well-known/openid-configuration endpoint is a standard discovery mechanism defined by OpenID Connect that lets clients dynamically obtain metadata about an OpenID Provider (OP), which is most often an Authorisation Server. This metadata includes essential details such as:

  • Issuer URL: The OP's base URL.

  • Authorization, Token, and UserInfo Endpoints: URLs for authentication and token exchange.

  • Supported Grant Types and Response Types: Defines allowed OAuth 2.0 flows.

  • JSON Web Key Set (JWKS) URL: Location of the OP’s public keys for signature validation.

  • Supported Scopes, Claims, and Algorithms: Lists available scopes (e.g., openid, profile) and security mechanisms.

Clients use this discovery endpoint to automate configuration, reducing manual setup and ensuring interoperability across OpenID Connect implementations.

For an example of the OpenID Discovery Document, see Raidiam's Authorisation Server /.well-known endpoint.

Obtain Server's .well-known Endpoint

When you get a list of authorisation servers during the process described in the Find Data Providers and Authorisation Servers section, you receive the configuration of an authorisation server registered within the Trust Framework.

Most importantly, the configuration of a server in Raidiam Connect includes the OpenIDDiscoveryDocument URI, which you can use to pull a detailed configuration of the authorisation server itself, including the Dynamic Client Registration endpoint.

Get Server Configuration

Depending on the type of your ecosystem, get the server configuration in Raidiam using one of the below methods:

Server Configuration Example

{
  "AuthorisationServerId": "East Credit Union AS",
  "AutoRegistrationNotificationWebhook": "https://east-credit-union.com/app/webhooks/",
  "AutoRegistrationSupported": false,
  "CreatedAt": "2024-05-04T09:42:00+00:00",
  "CustomerFriendlyDescription": "East Credit Union Authorisation Server",
  "CustomerFriendlyLogoUri": "https://east-credit-union.com/logo.svg",
  "CustomerFriendlyName": "East Credit Union",
  "DeprecatedDate": "2025-01-30",
  "DeveloperPortalUri": "https://east-credit-union.com/app/devs/",
  "FederationEndpoint": "https://east-credit-union.com/app/federation/",
  "FederationId": "string",
  "Issuer": "https://east-credit-union.com",
  "NotificationWebhook": "https://example.com",
  "NotificationWebhookAddedDate": "2025-01-30",
  "NotificationWebhookStatus": "Pending",
  "OpenIDDiscoveryDocument": "https://east-credit-union.com/app/api/.well-known/",
  "OrganisationId": "East Credit Union",
  "ParentAuthorisationServerId": "East Credit Union AS",
  "PayloadSigningCertLocationUri": "https://east-credit-union.com/app/jwksURI/",
  "RetirementDate": "2025-12-30",
  "SupersededByAuthorisationServerId": "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
  "SupportsCiba": false,
  "SupportsDCR": true,
  "SupportsRedirect": true,
  "TermsOfServiceUri": "https://east-credit-union.com/tos/"
}

Get .well-known Out of Server Configuration

The Authorisation Server's .well-known endpoint is returned within the Authorisation Server's configuration as "OpenIDDiscoveryDocument".

In the above example, it is "OpenIDDiscoveryDocument": "https://east-credit-union.com/app/api/.well-known/". For an example of a working OpenID Discovery Document, see Raidiam's Authorisation Server /.well-known endpoint.
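Before a client acts on a fetched discovery document, it can cross-check the document against the directory entry it came from. The sketch below is an added example, not Raidiam's code: check_discovery is a hypothetical helper, the metadata field names are the standard OpenID Connect Discovery ones, and comparing the document's issuer with the directory's "Issuer" value is an assumption about how a client would bind the two. The sample discovery documents and their endpoint paths are constructed.

```python
from urllib.parse import urlsplit

# Standard OpenID Connect Discovery fields that a client acts on.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
OPTIONAL = ("userinfo_endpoint", "registration_endpoint")

def is_https(url):
    parts = urlsplit(url) if isinstance(url, str) else None
    return bool(parts and parts.scheme == "https" and parts.hostname)

def check_discovery(server_cfg, metadata):
    """Return a list of problems; an empty list means the document is usable."""
    problems = []
    if not is_https(server_cfg.get("OpenIDDiscoveryDocument")):
        problems.append("OpenIDDiscoveryDocument is not an https URL")
    for field in REQUIRED:
        if field not in metadata:
            problems.append(f"missing {field}")
    # Exact string comparison: no case folding or trailing-slash normalisation.
    if "issuer" in metadata and metadata["issuer"] != server_cfg.get("Issuer"):
        problems.append("issuer does not match directory Issuer")
    for field in REQUIRED + OPTIONAL:
        if field in metadata and not is_https(metadata[field]):
            problems.append(f"{field} is not an https URL")
    if server_cfg.get("SupportsDCR") and "registration_endpoint" not in metadata:
        problems.append("SupportsDCR is true but registration_endpoint is absent")
    return problems

# Constructed sample data: a directory entry trimmed from the page's example
# and a discovery document invented for illustration (paths are hypothetical).
SERVER_CFG = {
    "Issuer": "https://east-credit-union.com",
    "OpenIDDiscoveryDocument": "https://east-credit-union.com/app/api/.well-known/",
    "SupportsDCR": True,
}
GOOD = {
    "issuer": "https://east-credit-union.com",
    "authorization_endpoint": "https://east-credit-union.com/app/authorize",
    "token_endpoint": "https://east-credit-union.com/app/token",
    "jwks_uri": "https://east-credit-union.com/app/jwks",
    "registration_endpoint": "https://east-credit-union.com/app/register",
}
# Same document with a trailing-slash issuer, an http token endpoint, no DCR endpoint.
BAD = {k: v for k, v in GOOD.items() if k != "registration_endpoint"}
BAD.update(issuer="https://east-credit-union.com/",
           token_endpoint="http://east-credit-union.com/app/token")

if __name__ == "__main__":
    print(check_discovery(SERVER_CFG, GOOD), check_discovery(SERVER_CFG, BAD))
```

A client would run this on the parsed JSON returned from the OpenIDDiscoveryDocument URI and refuse to register or request tokens if the list is non-empty.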