Search
K
Links
Comment on page

OIDC Client Configuration

Configure your OIDC Client to use Passage

OIDC App Endpoints and Client Settings

OIDC app endpoints and client settings can be found under the ‘OIDC’ tab on the Settings page. All endpoints and client settings are fixed. You will need these values to configure Passage as an provider in your OIDC client library or IDP.

Endpoints

Field
Description
OpenID Configuration
Provides configuration information about Passage to the OIDC relying party. HTTP Method: GET
Authorization URL
After a user has successfully authenticated via Passkeys, MagicLink or OTP the element will return a JWT AccessToken for the user. HTTP Method: POST
JWKS endpoint
Contains the signing keys the relay party uses to validate signatures from Passage. HTTP Method: GET
Token URL
Exchange an authorization code or refresh token for an Access Token. HTTP Method: POST
UserInfo URL
OIDC endpoint that allows a requested server to get basic information about the user. HTTP Method: GET

Client Settings

Field
Description
Client ID
The client id is used to allow Passage to identify your app.
Client Secret
The client secret is used for authentication and token exchange.

Supported Scopes

The following table lists the scopes currently supported by Passage. Please note, user metadata is not currently available in scopes.
Scope
Claims
openid (required)
sub: string
Unique identifer in Passage for the user
email
email: string
email_verified: bool
phone
phone_number: string
phone_number_verified: bool