Add documentation for new Identity Token .well-known endpoint used …

…for Plugin WIF (#25469)
hashicorp · Feb 22, 2024 · 60fb3c1 · 60fb3c1
1 parent a15ecf3
commit 60fb3c1
Showing 1 changed file with 37 additions and 2 deletions.
diff --git a/website/content/api-docs/secret/identity/tokens.mdx b/website/content/api-docs/secret/identity/tokens.mdx
@@ -441,10 +441,45 @@ $ curl \
 
 ```json
 {
-  "issuer": "https://example.com:1234",
+  "issuer": "https://example.com/v1/identity/oidc",
   "authorization_endpoint": "",
   "token_endpoint": "",
-  "jwks_uri": "https://example.com:1234/.well-known/keys",
+  "jwks_uri": "https://example.com/v1/identity/oidc/.well-known/keys",
+  "response_types_supported": null,
+  "subject_types_supported": ["public"],
+  "id_token_signing_alg_values_supported": ["RS256"],
+  "scopes_supported": null,
+  "token_endpoint_auth_methods_supported": null,
+  "claims_supported": null
+}
+```
+
+## Read plugin identity .well-known configurations
+
+Use the `.well-known` endpoint to retrieve an
+[OpenID Provider Configuration Response](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse)
+with a set of claims about the identity token configuration for a plugin.
+
+| Method | Path                                             |
+| :----- | :----------------------------------------------- |
+| `GET`  | `identity/oidc/plugins/.well-known/openid-configuration` |
+
+### Sample request
+
+```shell-session
+$ curl \
+    --request GET \
+    http://127.0.0.1:8200/v1/identity/oidc/plugins/.well-known/openid-configuration
+```
+
+### Sample response
+
+```json
+{
+  "issuer": "https://example.com/v1/identity/oidc/plugins",
+  "authorization_endpoint": "",
+  "token_endpoint": "",
+  "jwks_uri": "https://example.com/v1/identity/oidc/plugins/.well-known/keys",
   "response_types_supported": null,
   "subject_types_supported": ["public"],
   "id_token_signing_alg_values_supported": ["RS256"],