A well-known URL uses the following structure:
https://<domain>/.well-known/openid-configuration?client_id=<client-id>
In this example, the well-known URL becomes:
https://dev-84941762.okta.com/.well-known/openid-configuration?client_id=0oa5km1v306LXN57y5d7
The domain is
dev-84941762.okta.com
.
The Client ID,
0oa5km1v306LXN57y5d7
, was generated when you created the Native App.
Native App with Client ID
Entering the well-known URL in a web browser returns a response in a JSON file format. The JSON response includes information required for the ACS configuration:
Authorization endpoint
Token endpoint
The supported encrypting format
{
"issuer": "https://dev-84941762.okta.com",
"authorization_endpoint": "https://dev-84941762.okta.com/oauth2/v1/authorize",
"token_endpoint": "https://dev-84941762.okta.com/oauth2/v1/token",
"userinfo_endpoint": "https://dev-84941762.okta.com/oauth2/v1/userinfo",
"registration_endpoint": "https://dev-84941762.okta.com/oauth2/v1/clients/0oa5km1v306LXN57y5d7",
"jwks_uri": "https://dev-84941762.okta.com/oauth2/v1/keys?client_id=0oa5km1v306LXN57y5d7",
"response_types_supported": [
"code"
],
"response_modes_supported": [
"query",
"fragment",
"form_post",
"okta_post_message"
],
"grant_types_supported": [
"authorization_code",
"refresh_token",
"password",
"urn:ietf:params:oauth:grant-type:token-exchange"
],
"subject_types_supported": [
"public"
],
"id_token_signing_alg_values_supported": [
"RS256"
],
"scopes_supported": [
"openid",
"email",
"profile",
"address",
"phone",
"offline_access"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"claims_supported": [
"iss",
"ver",
"sub",
"aud",
"iat",
"exp",
"jti",
"auth_time",
"amr",
"idp",
"nonce",
"name",
"nickname",
"preferred_username",
"given_name",
"middle_name",
"family_name",
"email",
"email_verified",
"profile",
"zoneinfo",
"locale",
"address",
"phone_number",
"picture",
"website",
"gender",
"birthdate",
"updated_at",
"at_hash",
"c_hash"
],
"code_challenge_methods_supported": [
"S256"
],
"introspection_endpoint": "https://dev-84941762.okta.com/oauth2/v1/introspect",
"introspection_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"revocation_endpoint": "https://dev-84941762.okta.com/oauth2/v1/revoke",
"revocation_endpoint_auth_methods_supported": [
"client_secret_basic"
],
"end_session_endpoint": "https://dev-84941762.okta.com/oauth2/v1/logout",
"request_parameter_supported": true,
"request_object_signing_alg_values_supported": [
"HS256",
"HS384",
"HS512"
],
"device_authorization_endpoint": "https://dev-84941762.okta.com/oauth2/v1/device/authorize",
"pushed_authorization_request_endpoint": "https://dev-84941762.okta.com/oauth2/v1/par"
}