Skip to content

Discover OpenID Connect endpoints of WSO2 Identity Server

When you build OpenID Connect login in your application using WSO2 Identity Server as your identity provider, you need to get the OpenID Connect endpoints and configurations from WSO2 Identity Server.

You can do this by invoking the discovery endpoint API or by using the WSO2 Identity Server Console as explained below.


To get started, you need to have an application registered in WSO2 Identity Server:

Use the discovery endpoint

OpenID Connect Discovery allows you to discover the metadata such as endpoints, scopes, response types, claims, and supported client authentication methods of identity providers such as WSO2 Identity Server.

Applications can dynamically discover the OpenID Connect identity provider metadata by calling the OpenID Connect discovery endpoint. The structure of the request URL is as follows: <issuer>/.well-known/openid-configuration.

Issuer of WSO2 Identity Server


Discovery endpoint of WSO2 Identity Server


Sample request

curl --location --request GET 'https://localhost:9443/oauth2/token/.well-known/openid-configuration'
var settings = {
    "url": "https://localhost:9443/oauth2/token/.well-known/openid-configuration",
    "method": "GET",
    "timeout": 0,

$.ajax(settings).done(function (response) {
var axios = require('axios');

var config = {
    method: 'get',
    url: 'https://localhost:9443/oauth2/token/.well-known/openid-configuration',
    headers: {}

    .then(function (response) {
    .catch(function (error) {

Sample response

   "introspection_endpoint" : "https://localhost:9443/oauth2/introspect",
   "end_session_endpoint" : "https://localhost:9443/oidc/logout",
   "registration_endpoint" : "https://localhost:9443/api/identity/oauth2/dcr/v1.0/register",
   "token_endpoint" : "https://localhost:9443/oauth2/token",
   "jwks_uri" : "https://localhost:9443/oauth2/jwks",
   "revocation_endpoint" : "https://localhost:9443/oauth2/revoke",
   "authorization_endpoint" : "https://localhost:9443/oauth2/authorize",
   "issuer" : "https://localhost:9443/oauth2/token"

Get endpoints from the console

Some applications and SDKs are not capable of dynamically resolving endpoints from OpenID Connect discovery. For such applications, you need to configure endpoints manually.

You can get the endpoints from the console as follows:

  1. On the WSO2 Identity Server, go to Applications.

  2. Select an OIDC application from the list.

  3. Go to the Info tab of the application and find the server endpoints to your organization.


What's next?

Explore how OpenID Connect endpoints are used when you implement login to your applications: