curl --request GET \
    --url https://${projectDomain}/.well-known/openid-configuration
{
  "authorization_endpoint": "https://example.com/oauth2/authorize",
  "grant_types_supported": [
    "authorization_code"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://${projectDomain}",
  "jwks_uri": "https://${projectDomain}/.well-known/jwks.json",
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
  "response_types_supported": [
    "code"
  ],
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "phone",
    "offline_access"
  ],
  "status_code": 200,
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://${projectDomain}/v1/oauth2/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://${projectDomain}/v1/oauth2/userinfo"
}
GET https://${projectDomain}/.well-known/openid-configuration
Get the OpenID configuration for a project. The configuration can be used to determine the endpoints and settings for the Connected App’s OpenID flow. This endpoint uses your Custom Domain. No authorization is needed for this endpoint. This endpoint implements the OpenID configuration endpoint.
We recommend using the Custom Domain whenever possible. For backwards compatibility reasons, this endpoint is also available at https://test.stytch.com/v1/public/${projectId}/.well-known/openid-configuration.

Response

authorization_endpoint
string
The URL of the authorization endpoint. The authorization endpoint is UI hosted by your application and is configured within the Stytch dashboard.
grant_types_supported
array
JSON array containing a list of the OAuth 2.0 grant types supported.
id_token_signing_alg_values_supported
array
JSON array containing a list of the JWS signing algorithms (alg values) supported for the ID Token to encode the Claims in a JWT. RS256 is included by default.
issuer
string
The URL of the issuer, as returned by the iss claim in the token.
  • If your project uses a custom domain (CNAME) for API requests, this will be your custom domain (e.g., https://login.yourcompany.com), which is fully OIDC compliant.
  • If you do not use a custom domain, the issuer will be stytch.com/$project_id, which is not fully OIDC compliant and may not be accepted by all OIDC clients.
To ensure OIDC compliance, set up and use a custom domain for your authentication flows. See the Custom Domains guide for more information.
jwks_uri
string
The URL of the JWKS endpoint.
response_types_supported
array
JSON array containing a list of the OAuth 2.0 response_type values supported.
scopes_supported
array
JSON array containing a list of the OAuth 2.0 scope values supported. openid is supported by default. Note that any custom scopes you specify in an RBAC configuration will also be listed here.
subject_types_supported
array
JSON array containing a list of the Subject Identifier types supported.
token_endpoint
string
The URL of the token endpoint.
token_endpoint_auth_methods_supported
array
JSON array containing a list of Client Authentication methods supported by the Token Endpoint.
request_id
string
Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we may ask for this value to help identify a specific API call when helping you debug an issue.
status_code
number
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
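
A client that consumes this document can check it before trusting the endpoints it lists. The following is an added example, not Stytch code: `check_discovery`, the `app_hosts` allowlist and the sample documents are hypothetical, and pinning `jwks_uri`, `token_endpoint` and `userinfo_endpoint` to the issuer's host is a policy assumed here to match the sample response, with `authorization_endpoint` allowed on a separate host because it is hosted by your application.

```python
from urllib.parse import urlsplit

ALLOWED_ALGS = {"RS256"}  # assumption: pin to the default alg the page lists

def check_discovery(doc, expected_issuer, app_hosts):
    """Return a list of problems found in an OpenID configuration document."""
    problems = []
    issuer = doc.get("issuer", "")
    # OIDC Discovery: issuer must be identical to the URL discovery was run against.
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r}")
    iss = urlsplit(issuer)
    if iss.scheme != "https" or not iss.netloc or iss.query or iss.fragment:
        problems.append("issuer is not an https URL without query/fragment")
    # Assumed policy: keys and back-channel endpoints live on the issuer's host.
    for key in ("jwks_uri", "token_endpoint", "userinfo_endpoint"):
        u = urlsplit(doc.get(key, ""))
        if u.scheme != "https" or u.netloc != iss.netloc:
            problems.append(f"{key} not https on issuer host")
    # The authorization endpoint is hosted by your own application.
    a = urlsplit(doc.get("authorization_endpoint", ""))
    if a.scheme != "https" or a.hostname not in app_hosts:
        problems.append("authorization_endpoint not on an allowed app host")
    algs = set(doc.get("id_token_signing_alg_values_supported", []))
    if not algs or not algs <= ALLOWED_ALGS:
        problems.append(f"unexpected signing algs: {sorted(algs)}")
    return problems

# Constructed sample, shaped like the response documented above.
GOOD = {
    "issuer": "https://login.yourcompany.com",
    "authorization_endpoint": "https://example.com/oauth2/authorize",
    "jwks_uri": "https://login.yourcompany.com/.well-known/jwks.json",
    "token_endpoint": "https://login.yourcompany.com/v1/oauth2/token",
    "userinfo_endpoint": "https://login.yourcompany.com/v1/oauth2/userinfo",
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Constructed bad case: scheme-less issuer (the non-custom-domain form) plus "none".
BAD = dict(GOOD, issuer="stytch.com/project-id-placeholder",
           id_token_signing_alg_values_supported=["RS256", "none"])

if __name__ == "__main__":
    print(check_discovery(GOOD, "https://login.yourcompany.com", {"example.com"}))
    for p in check_discovery(BAD, "https://login.yourcompany.com", {"example.com"}):
        print("-", p)
```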