API Reference
Relying Party (RP) Endpoints
| Endpoint | Description |
|---|---|
| GET /rp/authorize | Initiate OAuth flow with external IdP |
| GET /rp/callback/:idp | OAuth callback handler |
| GET /rp/userinfo | Get current user info (requires auth) |
| POST /signout | Sign out and clear session |
OIDC Provider (OP) Endpoints
| Endpoint | Description |
|---|---|
| GET /.well-known/openid-configuration | OIDC discovery document |
| GET /oauth2/jwks.json | JSON Web Key Set |
| GET /oauth2/authorize | Authorization endpoint |
| POST /oauth2/token | Token endpoint |
| GET /oauth2/userinfo | UserInfo endpoint |
| POST /oauth2/revoke | Token revocation endpoint |
User APIs
| Endpoint | Description |
|---|---|
| GET /api/users/me | Get current user profile |
| GET /api/users/me/identities | Get linked identity providers |
| GET /api/sessions | List current user's sessions |
| DELETE /api/sessions/:id | Revoke specific session |
| DELETE /api/sessions | Revoke all other sessions |
Management APIs (Admin Required)
Identity Providers
| Endpoint | Description |
|---|---|
| GET /api/idps | List identity providers |
| POST /api/idps | Create identity provider |
| GET /api/idps/:id | Get IdP details |
| PUT /api/idps/:id | Update identity provider |
| DELETE /api/idps/:id | Delete identity provider |
OAuth Clients
| Endpoint | Description |
|---|---|
| GET /api/clients | List OAuth clients |
| POST /api/clients | Create OAuth client |
| GET /api/clients/:id | Get client details |
| PUT /api/clients/:id | Update client |
| DELETE /api/clients/:id | Delete client |
| POST /api/clients/:id/rotate-secret | Rotate client secret |
Users
| Endpoint | Description |
|---|---|
| GET /api/users | List all users (paginated) |
| GET /api/users/:id | Get user by ID |
| PUT /api/users/:id | Update user profile |
| DELETE /api/users/:id | Delete user |
| GET /api/users/:id/sessions | List user's active sessions |
| DELETE /api/users/:id/sessions | Revoke all user sessions |
| DELETE /api/users/:id/identities/:linkId | Unlink identity provider |
Roles & Permissions
| Endpoint | Description |
|---|---|
| GET /api/roles | List roles and permissions |
| GET /api/roles/:id | Get role with permissions |
| POST /api/roles | Create custom role |
| PUT /api/roles/:id | Update role |
| DELETE /api/roles/:id | Delete role |
| POST /api/users/:id/roles | Assign role to user |
| DELETE /api/users/:id/roles/:roleId | Remove role from user |
| GET /api/permissions | List all permissions |
| POST /api/roles/:id/permissions | Add permission to role |
| DELETE /api/roles/:id/permissions/:permId | Remove permission from role |
Audit Log
| Endpoint | Description |
|---|---|
| GET /api/audit | List audit events (paginated) |
| GET /api/audit/:id | Get audit event details |
| GET /api/audit/events | List event types with counts |
| GET /api/users/:id/audit | User's audit history |
Health Check
| Endpoint | Description |
|---|---|
| GET /health | Full health check (database + JWKS) |
| GET /health/live | Simple liveness probe |