OIDC Client Configuration

Configure your OIDC Client to use Passage

OIDC app endpoints and client settings

OIDC app endpoints and client settings can be found under the Authentication Experience tab on the Authentication page. All endpoints and client settings are fixed. You will need these values to configure Passage as a provider in your OIDC client library or IDP.

Endpoints

| Field | Description |
| --- | --- |
| OpenID Configuration | Provides configuration information about Passage to the OIDC relying party. HTTP Method: GET |
| Authorization URL | After a user has successfully authenticated via Passkeys, MagicLink or OTP, the element will return a JWT AccessToken for the user. HTTP Method: POST |
| JWKS endpoint | Contains the signing keys the relying party uses to validate signatures from Passage. HTTP Method: GET |
| Token URL | Exchange an authorization code or refresh token for an Access Token. HTTP Method: POST |
| UserInfo URL | OIDC endpoint that allows a requesting server to get basic information about the user. HTTP Method: GET |

Client Settings

| Field | Description |
| --- | --- |
| Client ID | The client id is used to allow Passage to identify your app. |
| Client Secret | The client secret is used for authentication and token exchange. |

Supported Scopes

The following table lists the scopes currently supported by Passage. Please note, user metadata is not currently available in scopes.

| Scope | Claims |
| --- | --- |
| openid (required) | sub: string (unique identifier in Passage for the user) |
| email | email: string; email_verified: bool |
| phone | phone_number: string; phone_number_verified: bool |
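The scope table above, applied on the relying-party side as an added example (not Passage's own code): it keeps only claims that belong to a granted scope and surfaces an email or phone number only when its `*_verified` flag is the boolean `true`. The function name `trusted_identity` and the sample values are hypothetical, and the claims are assumed to come from a signature-verified token or the UserInfo response.

```python
# Added example, not Passage code. SCOPE_CLAIMS mirrors the scope table above;
# trusted_identity and the sample values are hypothetical.
SCOPE_CLAIMS = {
    "openid": {"sub": str},
    "email": {"email": str, "email_verified": bool},
    "phone": {"phone_number": str, "phone_number_verified": bool},
}
# Contact claim -> the flag that must be True before the app relies on it.
VERIFIED_BY = {"email": "email_verified", "phone_number": "phone_number_verified"}


def trusted_identity(granted_scopes, claims):
    """Return only the claims the application may rely on, or raise ValueError.

    granted_scopes: space-separated scope string from the token response.
    claims: payload of a signature-verified token or the UserInfo response.
    """
    scopes = set(granted_scopes.split())
    if "openid" not in scopes:
        raise ValueError("openid scope is required")
    if not isinstance(claims.get("sub"), str) or not claims["sub"]:
        raise ValueError("sub must be a non-empty string")

    identity = {"sub": claims["sub"]}
    for scope, spec in SCOPE_CLAIMS.items():
        if scope not in scopes:
            continue  # ignore claims for scopes that were never granted
        for name, expected in spec.items():
            # Strict type check: the string "true" is not a verified flag.
            if name in claims and type(claims[name]) is not expected:
                raise ValueError(f"{name} must be {expected.__name__}")
        for name, flag in VERIFIED_BY.items():
            if name in spec and name in claims and claims.get(flag) is True:
                identity[name] = claims[name]
    return identity


# Constructed sample: verified email, unverified phone number.
SAMPLE_CLAIMS = {
    "sub": "user-0001",
    "email": "alice@example.com",
    "email_verified": True,
    "phone_number": "+15555550100",
    "phone_number_verified": False,
}

if __name__ == "__main__":
    print(trusted_identity("openid email phone", SAMPLE_CLAIMS))
```

Using `sub` as the account key and treating unverified contact claims as absent keeps an unverified email address from being used to link or look up an existing account.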