OidcDiscoveryField uses ConstantsTrait

Enumeration of standard fields published in the `/.well-known/openid-configuration` discovery document.

$config = json_decode( file_get_contents( $issuer . '/.well-known/openid-configuration' ) , true ) ;

$tokenEndpoint = $config[ OidcDiscoveryField::TOKEN_ENDPOINT ] ;
$jwksUri       = $config[ OidcDiscoveryField::JWKS_URI       ] ;

Tags

author

Marc Alcaraz (ekameleon)

since

1.1.0

Table of Contents

Constants

ACR_VALUES_SUPPORTED  : string = 'acr_values_supported'

`acr_values_supported` — list of ACR values supported by the OP.

AUTHORIZATION_ENDPOINT  : string = 'authorization_endpoint'

`authorization_endpoint` — URL of the authorization endpoint.

BACKCHANNEL_AUTHENTICATION_ENDPOINT  : string = 'backchannel_authentication_endpoint'

`backchannel_authentication_endpoint` — URL of the CIBA backchannel authentication endpoint.

BACKCHANNEL_LOGOUT_SESSION_SUPPORTED  : string = 'backchannel_logout_session_supported'

`backchannel_logout_session_supported` — Whether `sid` is included in the back-channel logout token.

BACKCHANNEL_LOGOUT_SUPPORTED  : string = 'backchannel_logout_supported'

`backchannel_logout_supported` — Whether back-channel logout is supported.

CHECK_SESSION_IFRAME  : string = 'check_session_iframe'

`check_session_iframe` — URL of the Session Management iframe.

CLAIM_TYPES_SUPPORTED  : string = 'claim_types_supported'

`claim_types_supported` — list of Claim Types supported: `normal`, `aggregated`, `distributed`.

CLAIMS_LOCALES_SUPPORTED  : string = 'claims_locales_supported'

`claims_locales_supported` — list of BCP47 language tags for claims values.

CLAIMS_PARAMETER_SUPPORTED  : string = 'claims_parameter_supported'

`claims_parameter_supported` — Whether the OP supports the `claims` parameter.

CLAIMS_SUPPORTED  : string = 'claims_supported'

`claims_supported` — list of Claim Names supported.

CODE_CHALLENGE_METHODS_SUPPORTED  : string = 'code_challenge_methods_supported'

`code_challenge_methods_supported` — PKCE methods supported (RFC 7636).

DEVICE_AUTHORIZATION_ENDPOINT  : string = 'device_authorization_endpoint'

`device_authorization_endpoint` — URL of the Device Authorization endpoint (RFC 8628).

DISPLAY_VALUES_SUPPORTED  : string = 'display_values_supported'

`display_values_supported` — list of `display` parameter values supported.

DPOP_SIGNING_ALG_VALUES_SUPPORTED  : string = 'dpop_signing_alg_values_supported'

`dpop_signing_alg_values_supported` — JWS algs supported for DPoP proof JWTs (RFC 9449).

END_SESSION_ENDPOINT  : string = 'end_session_endpoint'

`end_session_endpoint` — URL of the RP-Initiated Logout endpoint.

FRONTCHANNEL_LOGOUT_SESSION_SUPPORTED  : string = 'frontchannel_logout_session_supported'

`frontchannel_logout_session_supported` — Whether `sid` is included in the front-channel logout request.

FRONTCHANNEL_LOGOUT_SUPPORTED  : string = 'frontchannel_logout_supported'

`frontchannel_logout_supported` — Whether front-channel logout is supported.

GRANT_TYPES_SUPPORTED  : string = 'grant_types_supported'

`grant_types_supported` — list of `grant_type` values supported.

ID_TOKEN_ENCRYPTION_ALG_VALUES_SUPPORTED  : string = 'id_token_encryption_alg_values_supported'

`id_token_encryption_alg_values_supported` — JWE alg values for the ID Token.

ID_TOKEN_ENCRYPTION_ENC_VALUES_SUPPORTED  : string = 'id_token_encryption_enc_values_supported'

`id_token_encryption_enc_values_supported` — JWE enc values for the ID Token.

ID_TOKEN_SIGNING_ALG_VALUES_SUPPORTED  : string = 'id_token_signing_alg_values_supported'

`id_token_signing_alg_values_supported` — JWS algs for the ID Token.

INTROSPECTION_ENDPOINT  : string = 'introspection_endpoint'

`introspection_endpoint` — URL of the OAuth 2.0 introspection endpoint (RFC 8414).

INTROSPECTION_ENDPOINT_AUTH_METHODS_SUPPORTED  : string = 'introspection_endpoint_auth_methods_supported'

`introspection_endpoint_auth_methods_supported` — Client auth methods at the introspection endpoint.

INTROSPECTION_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED  : string = 'introspection_endpoint_auth_signing_alg_values...

`introspection_endpoint_auth_signing_alg_values_supported` — JWS algs for client assertions at the introspection endpoint.

ISSUER  : string = 'issuer'

`issuer` — URL using the https scheme that uniquely identifies the OP.

JWKS_URI  : string = 'jwks_uri'

`jwks_uri` — URL of the JWK Set document containing the OP's signing keys.

OP_POLICY_URI  : string = 'op_policy_uri'

`op_policy_uri` — URL describing the OP's policy on usage of profile data.

OP_TOS_URI  : string = 'op_tos_uri'

`op_tos_uri` — URL describing the OP's terms of service.

PUSHED_AUTHORIZATION_REQUEST_ENDPOINT  : string = 'pushed_authorization_request_endpoint'

`pushed_authorization_request_endpoint` — URL of the PAR endpoint (RFC 9126).

REGISTRATION_ENDPOINT  : string = 'registration_endpoint'

`registration_endpoint` — URL of the dynamic client registration endpoint.

REQUEST_OBJECT_ENCRYPTION_ALG_VALUES_SUPPORTED  : string = 'request_object_encryption_alg_values_supported'

`request_object_encryption_alg_values_supported` — JWE alg values for Request Objects.

REQUEST_OBJECT_ENCRYPTION_ENC_VALUES_SUPPORTED  : string = 'request_object_encryption_enc_values_supported'

`request_object_encryption_enc_values_supported` — JWE enc values for Request Objects.

REQUEST_OBJECT_SIGNING_ALG_VALUES_SUPPORTED  : string = 'request_object_signing_alg_values_supported'

`request_object_signing_alg_values_supported` — JWS algs for Request Objects.

REQUEST_PARAMETER_SUPPORTED  : string = 'request_parameter_supported'

`request_parameter_supported` — Whether the OP supports the `request` parameter.

REQUEST_URI_PARAMETER_SUPPORTED  : string = 'request_uri_parameter_supported'

`request_uri_parameter_supported` — Whether the OP supports the `request_uri` parameter.

REQUIRE_PUSHED_AUTHORIZATION_REQUESTS  : string = 'require_pushed_authorization_requests'

`require_pushed_authorization_requests` — Whether PAR is required (RFC 9126).

REQUIRE_REQUEST_URI_REGISTRATION  : string = 'require_request_uri_registration'

`require_request_uri_registration` — Whether `request_uri` values must be pre-registered.

RESPONSE_MODES_SUPPORTED  : string = 'response_modes_supported'

`response_modes_supported` — list of `response_mode` values supported.

RESPONSE_TYPES_SUPPORTED  : string = 'response_types_supported'

`response_types_supported` — list of `response_type` values supported.

REVOCATION_ENDPOINT  : string = 'revocation_endpoint'

`revocation_endpoint` — URL of the OAuth 2.0 revocation endpoint (RFC 8414).

REVOCATION_ENDPOINT_AUTH_METHODS_SUPPORTED  : string = 'revocation_endpoint_auth_methods_supported'

`revocation_endpoint_auth_methods_supported` — Client auth methods at the revocation endpoint.

REVOCATION_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED  : string = 'revocation_endpoint_auth_signing_alg_values_su...

`revocation_endpoint_auth_signing_alg_values_supported` — JWS algs for client assertions at the revocation endpoint.

SCOPES_SUPPORTED  : string = 'scopes_supported'

`scopes_supported` — list of OAuth 2.0 scope values supported.

SERVICE_DOCUMENTATION  : string = 'service_documentation'

`service_documentation` — URL of human-readable documentation for developers.

SUBJECT_TYPES_SUPPORTED  : string = 'subject_types_supported'

`subject_types_supported` — list of Subject Identifier types: `public`, `pairwise`.

TLS_CLIENT_CERTIFICATE_BOUND_ACCESS_TOKENS  : string = 'tls_client_certificate_bound_access_tokens'

`tls_client_certificate_bound_access_tokens` — Whether mTLS-bound tokens are supported (RFC 8705).

TOKEN_ENDPOINT  : string = 'token_endpoint'

`token_endpoint` — URL of the token endpoint.

TOKEN_ENDPOINT_AUTH_METHODS_SUPPORTED  : string = 'token_endpoint_auth_methods_supported'

`token_endpoint_auth_methods_supported` — Client auth methods at the token endpoint.

TOKEN_ENDPOINT_AUTH_SIGNING_ALG_VALUES_SUPPORTED  : string = 'token_endpoint_auth_signing_alg_values_supported'

`token_endpoint_auth_signing_alg_values_supported` — JWS algs for client assertions.

UI_LOCALES_SUPPORTED  : string = 'ui_locales_supported'

`ui_locales_supported` — list of BCP47 language tags for the UI.

USERINFO_ENCRYPTION_ALG_VALUES_SUPPORTED  : string = 'userinfo_encryption_alg_values_supported'

`userinfo_encryption_alg_values_supported` — JWE alg values for the UserInfo response.

USERINFO_ENCRYPTION_ENC_VALUES_SUPPORTED  : string = 'userinfo_encryption_enc_values_supported'

`userinfo_encryption_enc_values_supported` — JWE enc values for the UserInfo response.

USERINFO_ENDPOINT  : string = 'userinfo_endpoint'

`userinfo_endpoint` — URL of the UserInfo endpoint.

USERINFO_SIGNING_ALG_VALUES_SUPPORTED  : string = 'userinfo_signing_alg_values_supported'

`userinfo_signing_alg_values_supported` — JWS algs for the UserInfo response.