OIDC Client Configuration

Configure your OIDC Client to use Passage

OIDC app endpoints and client settings

OIDC app endpoints and client settings can be found under the Authentication Experience tab on the Authentication page. All endpoints and client settings are fixed. You will need these values to configure Passage as an provider in your OIDC client library or IDP.

Endpoints

Field	Description
OpenID Configuration	Provides configuration information about Passage to the OIDC relying party. HTTP Method: GET
Authorization URL	After a user has successfully authenticated via Passkeys, MagicLink or OTP the element will return a JWT AccessToken for the user. HTTP Method: POST
JWKS endpoint	Contains the signing keys the relay party uses to validate signatures from Passage. HTTP Method: GET
Token URL	Exchange an authorization code or refresh token for an Access Token. HTTP Method: POST
UserInfo URL	OIDC endpoint that allows a requested server to get basic information about the user. HTTP Method: GET

Client Settings

Field	Description
Client ID	The client id is used to allow Passage to identify your app.
Client Secret	The client secret is used for authentication and token exchange.

Supported Scopes

The following table lists the scopes currently supported by Passage. Please note, user metadata is not currently available in scopes.

Scope Claims

Scope	Claims
openID (required)	`sub: string` Unique identifier in Passage for the user
email	`email: string` `email_verified: bool`
phone	`phone_number: string` `phone_number_verified: bool`

openID (required)

sub: string

Unique identifier in Passage for the user

email

email: string

email_verified: bool

phone

phone_number: string

phone_number_verified: bool