OIDC Endpoints
| Method | Path | Description |
|---|---|---|
| GET | /.well-known/openid-configuration |
Discovery document |
| GET | /.well-known/jwks.json |
Public JWK keyset (RS256) |
| GET/POST | /authorize |
Authorization endpoint — shows login form, issues auth code |
| POST | /token |
Token endpoint — exchanges auth code or refresh token |
| GET | /userinfo |
UserInfo endpoint — requires Authorization: Bearer <token> |
| GET/POST | /logout |
End-session endpoint — clears session, optional post_logout_redirect_uri |
| GET | /health |
Health check |
Demo Users
| Username | Password | Name | |
|---|---|---|---|
user1 |
password1 |
Alice Demo | alice@example.com |
user2 |
password2 |
Bob Demo | bob@example.com |
USER1 |
password1 |
Alice Demo | alice@example.com |
Registered Clients
| Client ID | Auth Method | Grant Types | Redirect URIs | Notes |
|---|---|---|---|---|
demo-client |
client_secret_basic |
authorization_coderefresh_token | http://localhost:8080/callbackhttp://127.0.0.1:8080/callbackhttps://phc-dev.auth.eu-west-1.amazoncognito.com/oauth2/idpresponsehttps://phc-test.auth.eu-west-1.amazoncognito.com/oauth2/idpresponsehttps://tino2-auth-phc.auth.eu-west-1.amazoncognito.com/oauth2/idpresponse |
secret: demo-secret |
public-client |
none |
authorization_code | http://localhost:8080/callbackhttp://127.0.0.1:8080/callbackhttps://phc-dev.auth.eu-west-1.amazoncognito.com/oauth2/idpresponsehttps://phc-test.auth.eu-west-1.amazoncognito.com/oauth2/idpresponsehttps://tino2-auth-phc.auth.eu-west-1.amazoncognito.com/oauth2/idpresponse |
PKCE required |
Quick-start: Authorization Code flow
Open this URL in a browser (issuer: https://oidcdemo.app.photocert.co.uk/):
https://oidcdemo.app.photocert.co.uk/authorize?response_type=code&client_id=demo-client&redirect_uri=http://localhost:8080/callback&scope=openid+profile+email&state=xyz