
OpenID Connect - Relying party endpoints

A list and descriptions of the relying party endpoints used in the OpenID Connect authorization code flow.

This solution is custom-configured for each client by MindTouch Professional Services. Elements and labels may differ from what is documented.

This solution became generally available April 5, 2019 and is only implemented by request for each MindTouch site.

In the following tables, {id} is a placeholder for an identity provider service id. In all cases, if the system cannot find an identity provider service id matching {id}, an HTTP 404 response is returned. If the matching identity provider service is disabled, an HTTP 403 response is returned.

The string default can be used in place of any {id} to use the configured default identity provider service.

Sign in endpoints

| Endpoint | Description |
| --- | --- |
| /@app/auth/{id}/login?returnto={url} | Responds with an HTTP redirect to an OpenID Connect identity provider authorize endpoint with a callback URL to the relying party's authorization code consumer endpoint. The optional URL encoded value of {url} is stored in a MindTouch site session, and is later used as a successful post-authentication HTTP redirect. If the request cannot be generated due to an error, the user is redirected to the homepage with an error message (public site behavior) or receives an HTTP 403 response (private site behavior). |
| /@app/auth/{id}/code | The authorization code consumer endpoint receives an authorization code from an HTTP redirect. If the authorization code cannot be traded for a valid identity token from the identity provider's token endpoint, the user is redirected to the homepage with an error message (public site behavior) or receives an HTTP 403 response (private site behavior). |
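
The sign in link described above, built with a correctly URL encoded returnto value. This is an added example, not MindTouch code: the site hostname, the helper name login_url, the use of an absolute URL for returnto, and the caller-side rule that returnto must point at the same site are all assumptions.

```python
from urllib.parse import quote, urlsplit

# Constructed placeholder hostname, not a real deployment.
SITE = "https://example.mindtouch.us"


def login_url(site, return_to=None, idp_id="default"):
    """Build /@app/auth/{id}/login?returnto={url} for one site.

    idp_id    identity provider service id, or "default"
    return_to optional destination after a successful sign in
    """
    base = urlsplit(site)
    if base.scheme != "https" or not base.netloc:
        raise ValueError("site must be an absolute https URL")

    # {id} is a single path segment: encode "/" too so it cannot
    # introduce extra segments.
    segment = quote(idp_id, safe="")
    url = f"{base.scheme}://{base.netloc}/@app/auth/{segment}/login"
    if return_to is None:
        return url

    # Caller-side policy (an assumption, not documented site behavior):
    # only pass along a destination on the same scheme and host.
    target = urlsplit(return_to)
    same_site = (target.scheme == base.scheme
                 and target.netloc.lower() == base.netloc.lower())
    if not same_site:
        raise ValueError("returnto must point at the same site")

    # safe="" encodes ":", "/", "?", "&" and "=", so a destination that
    # carries its own query string stays inside the one returnto value.
    return f"{url}?returnto={quote(return_to, safe='')}"


if __name__ == "__main__":
    # Constructed destination with its own query string.
    print(login_url(SITE, SITE + "/Guides?page=2&lang=en"))
```
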

Sign out endpoints

| Endpoint | Description |
| --- | --- |
| /Special:UserLogout | Signs the user out of the MindTouch site, and optionally redirects them to the identity provider they signed in with, if relying party initiated sign out has been configured. If the request cannot be generated due to an error, the user is redirected to the homepage with an error message. |