Skip to main content

AuthAction OAuth 2.0 & OpenID Connect Endpoints

AuthAction provides OAuth 2.0 and OpenID Connect (OIDC) authentication services with tenant-specific endpoints following the pattern:

https://{tenant-name}.{region}.authaction.com/

This document outlines the available endpoints and their purposes.

1. Issuer URL

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/
  • Description:
    • The base URL that identifies the OpenID provider.
    • Used in OIDC discovery to find supported endpoints.

2. Authorization Endpoint

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/oauth2/authorize
  • Description:
    • Initiates the OAuth 2.0 authorization code flow.
    • Used by applications to request authorization from users.
  • Supported Response Types:
    • code (Authorization Code Grant)

3. Token Endpoint

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/oauth2/token
  • Description:
    • Exchanges the authorization code for an access token.
    • Also used for refreshing tokens (if supported by the grant type).

4. User Info Endpoint

  • Endpoint:

    https://{tenant-name}.{region}.authaction.com/oauth2/user

  • Description:

    • Returns user profile information.
    • Requires a valid access token.

5. JSON Web Key Set (JWKS) URI

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/.well-known/jwks.json
  • Description:
    • Provides public keys for verifying JWT signatures.
    • Used by clients to validate ID and access tokens.

6. Dynamic Client Registration Endpoint

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/oauth2/register
  • Description:
    • Allows clients to register dynamically.
    • Used when client credentials are not pre-configured.

7. End Session (Logout) Endpoint

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/oauth2/logout
  • Description:
    • Logs the user out of the authentication session.
    • Can be used to clear SSO sessions.

8. Token Revocation Endpoint

  • Endpoint: 
    https://{tenant-name}.{region}.authaction.com/oauth2/revoke
  • Description:
    • Allows clients to revoke access or refresh tokens.
    • Ensures tokens are no longer valid if compromised or no longer needed.

9. Supported Claims

AuthAction provides the following claims in ID and access tokens:

  • aud - Audience (the intended recipient of the token).
  • created_at - Account creation timestamp.
  • email - User's email address.
  • email_verified - Whether the email is verified.
  • exp - Expiration time of the token.
  • iat - Issued-at time.
  • iss - Issuer URL.
  • name - Full name of the user.
  • sub - Subject (user identifier).

10. Supported Scopes

AuthAction supports the following scopes:

  • openid - Enables OpenID Connect authentication.
  • profile - Returns user profile details.
  • email - Provides the user's email address.

Conclusion

These endpoints allow applications to integrate with AuthAction for authentication and authorization. Ensure that your application is correctly configured to use the appropriate tenant and region in the URL structure.