Guide

You don't know the endpoints required to create a custom provider

Suggest Edits

Question

I’m trying to create an OpenID Connect custom provider for a social login identity provider. However, I can’t find that provider’s token endpoint and its userinfo endpoint anywhere in their documentation. How do I track down this information?

Answer

As everyone knows, documentation can sometimes be hit-or-miss: sometimes you can find the information you’re looking for, and sometimes you can’t. (And, no, we’re not pretending that the Identity Cloud documentation is an exception to that rule). This is especially true when it comes to creating OAuth or OpenID Connect clients. From our own experiences, we can assure you that you’re not the only one who’s encountered this problem: sometimes key information (like the URLs for the token endpoint and the userinfo endpoint) can’t be found anywhere in the documentation. Other times that information is there, but, because the IdP doesn’t use standard terminology (like userinfo endpoint), it can be easy to overlook.

Fortunately, you can typically find the issuer URL somewhere in the IdP’s documentation; that’s because the issuer URL is the URL of your login page. For example, the issuer URL for the Twitch gaming platform is https://id.twitch.tv/oauth2.

So how does that help you ferret out the URLs for the token endpoint and the userinfo endpoint? Well, if you’re dealing with an OpenID Connect provider, you can extract that information from the provider’s discovery document. Even better, you can get the URL of the discovery document simply by tacking /.well-known/openid-configuration to the end of the issuer URL. In other words:

https://id.twitch.tv/oauth2/.well-known/openid-configuration

Once you know the discovery document URL, a simple API call to that URL returns detailed information about the provider, including URLs for the token endpoint and the userinfo endpoint:

"token\_endpoint": "**https://id.twitch.tv/oauth2/token**",
    "token\_endpoint\_auth\_methods\_supported": [
        "client\_secret\_post"
    ],
    "userinfo\_endpoint": "**https://id.twitch.tv/oauth2/userinfo**"=

In fact, you don’t even have to make an API call; simply typing the discovery document URL into your web browser returns the same information:

Updated over 2 years ago