OAuth Configuration
This read-only section exposes your tenant's OIDC metadata and, when applicable, the metadata for a selected special flow. It allows client applications to auto-configure endpoints and validate identity and tokens.
Primary OIDC Configuration
- Metadata URL: Primary OIDC discovery URL (
/.well-known/openid-configuration) containing references to all standard endpoints. - Detailed Metadata (expandable panel): Shows each resolved endpoint individually:
- Authorization: Endpoint used to start the Authorization Code Flow (user redirection).
- Token: Endpoint where the client exchanges the
authorization_codeforaccess_token/id_token. May display "Not configured" if the flow does not expose it. - JWK: URL of the JWKS document with public keys used to verify token signatures.
- Issuer: Issuer identifier which must match the
issclaim in received tokens. - User Info: Endpoint to retrieve additional user claims using a valid
access_token.
- OAuth Scopes: List of scopes supported by the tenant (e.g.,
openid profile email). Determines which claims clients may request.
Special Flow Configuration
- Special Flow Type: Selector for an integrated flow/template (e.g., "Microsoft MFA"). Choosing a type loads metadata specific to that flow.
- Special Flow Metadata URL: Discovery URL for the selected special flow.
- Special Flow Detailed Metadata (expandable panel): Same structure as Detailed Metadata but for the special flow. Includes Authorization, Token, JWK, Issuer, and User Info endpoints provided by the external flow. Fields may show "Not configured" if the provider does not expose a given endpoint.
Usage Guidance
Use the primary metadata for standard OIDC integrations, and the special flow metadata only when the client must interoperate with an additional provider (e.g., an external MFA mechanism) without manually redefining endpoints.
