Expose-metadata (Section)#
Path: /profiles/profile{id, type}/settings/authorization-server/openid-connect/expose-metadata
This section specifies what metadata is exposed on the OpenID Connect discovery endpoint for this profile.
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| jwks-uri-override | uri | optional | An optional value that must contain the full URL to the JWKS endpoint. If this is not set, the URL is established by deriving it from the first anonymous endpoint. | |
| cache-duration | uint32 | optional | 600 | The number of seconds that the metadata can be cached as network resource, as used in HTTP response headers. |
Subsections#
| Name | Type | Description |
|---|---|---|
| authorize-endpoint | Section | The authorize-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one authorize-endpoint is deployed on this profile. |
| token-endpoint | Section | The token-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one token-endpoint is deployed on this profile. |
| userinfo-endpoint | Section | The userinfo-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one userinfo-endpoint is deployed on this profile. |
| revocation-endpoint | Section | The revocation-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one revocation-endpoint is deployed on this profile. |
| introspection-endpoint | Section | The introspection-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one introspection-endpoint is deployed on this profile. |
| assisted-token-endpoint | Section | The assisted-token-endpoint to include in the published OpenID Connect configuration metadata. This is required when more than one assisted-token-endpoint is deployed on this profile. |
| dynamic-client-registration-endpoint | Section | The dynamic client registration endpoint to include in the published OpenID Connect configuration metadata.This is required when more than one dynamic-client-registration endpoint is deployed on this profile. |
| device-authorization-endpoint | Section | The device authorization endpoint to include in the published OpenID Connect configuration metadata.This is required when more than one device authorization endpoint is deployed on this profile. |
| backchannel-authentication-endpoint | Section | The backchannel authentication endpoint to include in the published OpenID Connect configuration metadata.This is required when more than one backchannel authentication endpoint is deployed on this profile. |
| session-endpoint | Section | The session endpoint to include in the published OpenID Connect configuration metadata.This is required when more than one session endpoint is deployed on this profile. |
| signed-metadata | Section | When present, a signed version of the metadata will be included in the response. The metadata will be included as a JWT, as issued by the default token-issuer of the current profile. |