Download OpenAPI specification:
A small subset of Keycloak APIs to handle OIDC protocol.
Lists endpoints and other relevant configuration options
| realm required | string The realm |
{- "frontchannel_logout_session_supported": true,
- "frontchannel_logout_supported": true,
- "grant_types_supported": [
- "string"
], - "acr_values_supported": [
- "string"
], - "response_types_supported": [
- "string"
], - "subject_types_supported": [
- "string"
], - "id_token_signing_alg_values_supported": [
- "string"
], - "id_token_encryption_alg_values_supported": [
- "string"
], - "id_token_encryption_enc_values_supported": [
- "string"
], - "userinfo_signing_alg_values_supported": [
- "string"
], - "userinfo_encryption_alg_values_supported": [
- "string"
], - "userinfo_encryption_enc_values_supported": [
- "string"
], - "request_object_signing_alg_values_supported": [
- "string"
], - "request_object_encryption_alg_values_supported": [
- "string"
], - "request_object_encryption_enc_values_supported": [
- "string"
], - "response_modes_supported": [
- "string"
], - "token_endpoint_auth_methods_supported": [
- "string"
], - "token_endpoint_auth_signing_alg_values_supported": [
- "string"
], - "introspection_endpoint_auth_methods_supported": [
- "string"
], - "introspection_endpoint_auth_signing_alg_values_supported": [
- "string"
], - "authorization_signing_alg_values_supported": [
- "string"
], - "authorization_encryption_alg_values_supported": [
- "string"
], - "authorization_encryption_enc_values_supported": [
- "string"
], - "claims_supported": [
- "string"
], - "claim_types_supported": [
- "string"
], - "claims_parameter_supported": true,
- "scopes_supported": [
- "string"
], - "request_parameter_supported": true,
- "request_uri_parameter_supported": true,
- "require_request_uri_registration": true,
- "code_challenge_methods_supported": [
- "string"
], - "tls_client_certificate_bound_access_tokens": true,
- "revocation_endpoint_auth_methods_supported": [
- "string"
], - "revocation_endpoint_auth_signing_alg_values_supported": [
- "string"
], - "backchannel_logout_supported": true,
- "backchannel_logout_session_supported": true,
- "backchannel_token_delivery_modes_supported": [
- "string"
], - "backchannel_authentication_request_signing_alg_values_supported": [
- "string"
], - "require_pushed_authorization_requests": true,
- "mtls_endpoint_aliases": {
}, - "authorization_response_iss_parameter_supported": true
}Generate a user code
| realm required | string The realm |
| client_id required | string |
| client_secret | string |
| scope | string |
{- "device_code": "string",
- "user_code": "string",
- "expires_in": 0,
- "interval": 0
}Using the /token endpoint, poll for a token with the new device code grant type.
The link with the previous step is done with the device_code returned previously:
| realm required | string The realm |
| client_id required | string |
| device_code | string |
| client_secret | string |
| grant_type required | string |
| refresh_token | string |
| property name* additional property | any |
{- "access_token": "string",
- "expires_in": 0,
- "refresh_expires_in": 0,
- "refresh_token": "string",
- "token_type": "string",
- "id_token": "string",
- "not-before-policy": 0,
- "session_state": "string",
- "scope": "string"
}