IdentityServer4 接口说明

Discovery定义了一个服务发现的规范，它定义了一个api（ /.well-known/openid-configuration ），这个api返回一个json数据结构，其中包含了一些OIDC中提供的服务以及其支持情况的描述信息，这样可以使得oidc服务的RP可以不再硬编码OIDC服务接口信息。这个api返回的示例信息如下（这里面只是一部分）。 

{
  //发行网址，也就是说我们的权限验证站点。
  "issuer": "https://localhost:44330",
  //发行网址，也就是说我们的权限验证站点。
  "jwks_uri": "https://localhost:44330/.well-known/openid-configuration/jwks",
  //授权服务器的授权端点的URL。
  "authorization_endpoint": "https://localhost:44330/connect/authorize",
  //获取token的网址
  "token_endpoint": "https://localhost:44330/connect/token",
  //根据token获取用户信息
  "userinfo_endpoint": "https://localhost:44330/connect/userinfo",
  //登录注销。
  "end_session_endpoint": "https://localhost:44330/connect/endsession",
  //客户端对check_session_iframe执行监视，可以获取用户的登出状态。
  "check_session_iframe": "https://localhost:44330/connect/checksession",
  //这个网址允许撤销访问令牌(仅access tokens 和reference tokens)。它实现了令牌撤销规范(RFC 7009)。
  "revocation_endpoint": "https://localhost:44330/connect/revocation",
  //introspection_endpoint是RFC 7662的实现。 它可以用于验证reference tokens(或如果消费者不支持适当的JWT或加密库，则JWTs)。
  "introspection_endpoint": "https://localhost:44330/connect/introspect",
  "device_authorization_endpoint": "https://localhost:44330/connect/deviceauthorization",
  //可选。基于前端的注销机制。
  "frontchannel_logout_supported": true,
  //可选。基于session的注销机制。
  "frontchannel_logout_session_supported": true,
  //指示OP支持后端通道注销
  "backchannel_logout_supported": true,
  //可选的。指定RP是否需要在注销令牌中包含sid(session ID)声明，以在使用backchannel_logout_uri时用OP标识RP会话。如果省略，默认值为false。
  "backchannel_logout_session_supported": true,
  //支持的范围
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "address",
    "phone",
    "role",
    "Open",
    "offline_access"
  ],
  //支持的claims
  "claims_supported": [
    "sub",
    "birthdate",
    "family_name",
    "gender",
    "given_name",
    "locale",
    "middle_name",
    "name",
    "nickname",
    "picture",
    "preferred_username",
    "profile",
    "updated_at",
    "website",
    "zoneinfo",
    "email",
    "email_verified",
    "address",
    "phone_number",
    "phone_number_verified",
    "role"
  ],
  //授权类型
  "grant_types_supported": [
    "authorization_code",
    "client_credentials",
    "refresh_token",
    "implicit",
    "password",
    "urn:ietf:params:oauth:grant-type:device_code"
  ],
  "response_types_supported": [
    "code",
    "token",
    "id_token",
    "id_token token",
    "code id_token",
    "code token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "query",
    "fragment"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "request_parameter_supported": true
}