Well-known

OIDC Discovery Document

Overview

The discovery document, also referred to as the "well-known endpoint," contains OpenID Connect values that can be retrieved by OIDC clients. The discovery document enables OIDC clients to configure themselves in order to be able to access your implementation of Next Identity. A client that connects to your discovery document can do any of the following:

  • Identify the claims and grant types that you support.
  • Retrieve the URLs of your introspection server and your JSON Web Keys.
  • Determine which PKCE (Proof Key for Code Exchange) challenge methods you support.

These can be done automatically, without requiring anyone to configure these values into the client. The OIDC clients can also obtain discovery documents on their own. Your well-known endpoint can always be reached by adding the string value /.well-known/openid-configuration to the end of your Base Domain, for example https://id.eu.nextreason.com/.well-known/openid-configuration.

Base Domain

In this example above, the base domain is https://id.eu.nextreason.com/.

📘

About base domains

Your base domain will be customized for your integration and for enterprise customers will be customized for your site name or brand name. If you don't know your base domain, please contact your Next Reason integration consultant.

Parameters

The /.well-known endpoint adheres to the OIDC authentication protocol. To view the parameters that must be and can be included in the discovery document, please refer to the official OIDC documentation at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig.
Your specific parameters may vary depending on your configuration; if you're unclear on the parameters to use, please contact your Next Reason integration consultant.