Under Devices > Identity Servers > Edit > OAuth & OpenID Connect > EndPoint Summary, you can view the following endpoints:
Authorization EndPoint - nidp/oauth/nam/authz
Registration EndPoint: nidp/oauth/nam/clients
Token EndPoint: nidp/oauth/nam/token
Token Introspect EndPoint: nidp/oauth/v1/nam/introspect
UserInfo EndPoint: nidp/oauth/nam/userinfo
OpenID Metadata EndPoint: nidp/oauth/nam/.well-known/openid-configuration
Revocation EndPoint: nidp/oauth/nam/revoke
JSON Web Key Set EndPoint: nidp/oauth/nam/keys
Logout EndPoint: nidp/oauth/v1/nam/end_session
Authorization EndPoint: Enables client applications to interact with the resource owner and obtain an authorization grant. It is located on an authorization server.
Registration EndPoint: Enables registering client applications on the authorization server. It is located on the authorization server.
Token EndPoint: Enables client applications to obtain an access token by providing its authorization grant or refresh token. It is located on an authorization server. This endpoint supports SAML bearer assertion. A SAML assertion can be sent to this endpoint to generate a token.
TokenInfo Endpoint (deprecated, use Token Introspect Endpoint): Enables the resource server to validate access and refresh tokens when the client sends the token. Also, you can get the details of the tokens to introspect the token.
Since this endpoint is deprecated. to validate and check the status of the access or the refresh tokens, send the request to Token Introspect Endpoint.
Token Introspect Endpoint: Enables the protected resource server to check the status and details (meta-information) of an access or a refresh token. This endpoint provides the token status in the JSON format. For details about request and response, see Token Introspect Endpoint in the Access Manager 5.0 OAuth Application Developer Guide.
UserInfo EndPoint: Provides information about the user associated with the access token in the standard OpenID Connect format.
OpenID Metadata EndPoint: Provides information about OpenID provider metadata. It includes information about supported algorithms, authorization endpoints, scope, response type, response mode, and authentication methods. For example, this lists the supported Proof Key for Code Exchange by OAuth Public Clients (PKCE) methods, code_challenge_methods_supported":["plain","S256"]. For more information about PKCE flow, see API documentation.
NOTE:If a scope does not require users’ permission, claims_supported and scopes_supported fields of the metadata do not display defined claims and defined scopes.
Revocation Endpoint: Enables Authorization server to revoke refresh tokens (JWT) and its corresponding access tokens (JWT) with the defined claims.
JSON Web Key Set Endpoint: Provides the information about the signing certificate that is used by Access Manager.
Logout Endpoint: Provides the information about logout that is used by Access Manager.
NOTE:As per OAuth specifications, endpoints must not accept any non-HTTPS request. However, Access Manager supports non-HTTPS requests also. This is required to enable OAuth in scenarios when Access Manager is deployed behind a third-party SSL accelerator.