OIDC Client Configuration

Configure your OIDC Client to use Passage

OIDC App Endpoints and Client Settings

OIDC app endpoints and client settings can be found under the ‘OIDC’ tab on the Settings page. All endpoints and client settings are fixed. You will need these values to configure Passage as an provider in your OIDC client library or IDP.




OpenID Configuration

Provides configuration information about Passage to the OIDC relying party. HTTP Method: GET

Authorization URL

After a user has successfully authenticated via Passkeys, MagicLink or OTP the element will return a JWT AccessToken for the user. HTTP Method: POST

JWKS endpoint

Contains the signing keys the relay party uses to validate signatures from Passage. HTTP Method: GET

Token URL

Exchange an authorization code or refresh token for an Access Token. HTTP Method: POST

UserInfo URL

OIDC endpoint that allows a requested server to get basic information about the user. HTTP Method: GET

Client Settings



Client ID

The client id is used to allow Passage to identify your app.

Client Secret

The client secret is used for authentication and token exchange.

Supported Scopes

The following table lists the scopes currently supported by Passage. Please note, user metadata is not currently available in scopes.



openid (required)

sub: string

Unique identifer in Passage for the user


email: string

email_verified: bool


phone_number: string

phone_number_verified: bool

Last updated