{"openapi":"3.1.0","info":{"title":"OIDC Discovery API","version":"1.0.0","description":"Inspect any OpenID Connect / OAuth 2.0 provider. Pass an issuer (a domain, an issuer URL, or the full discovery URL) and the service fetches the provider's discovery document at /.well-known/openid-configuration, parses every endpoint — authorization, token, userinfo, jwks, registration, end-session, introspection, revocation and device-authorization — together with the supported scopes, response types, grant types, ID-token signing algorithms, PKCE methods and claims, then fetches the JWKS and summarises its signing keys (count, algorithms, key types and key IDs), and reports a validity check with any issues. A second endpoint fetches and summarises any JSON Web Key Set on its own. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for SSO and OAuth/OIDC integration, identity-provider configuration debugging (Auth0, Okta, Keycloak, Azure AD, Google), security review and monitoring of signing-key rotation. An OIDC discovery / JWKS inspector — distinct from the JWT toolkit (jwt), the security.txt parser (securitytxt) and the HTTP security-header grader (secheaders). No upstream key, no cache.","contact":{"name":"PremiumApi","url":"https://www.oanor.com/by/premiumapi"}},"servers":[{"url":"https://api.oanor.com/oidc-api","description":"oanor gateway"}],"tags":[{"name":"OIDC"},{"name":"Meta"}],"components":{"securitySchemes":{"oanorKey":{"type":"apiKey","in":"header","name":"x-oanor-key","description":"Get your key at https://www.oanor.com/developer/keys"}}},"security":[{"oanorKey":[]}],"paths":{"/v1/discover":{"get":{"operationId":"get_v1_discover","tags":["OIDC"],"summary":"Discover an OIDC provider","description":"","parameters":[{"name":"issuer","in":"query","required":true,"description":"Issuer URL, domain or discovery URL","schema":{"type":"string"},"example":"https://accounts.google.com"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"jwks":{"uri":"https://www.googleapis.com/oauth2/v3/certs","kids":["06c7c47679b808fcedf7391d7b1e3657bca30dbb","7b021671ede90ee5a375c022a523d490181a2c9d"],"key_count":2,"key_types":["RSA"],"algorithms":["RS256"]},"valid":true,"issuer":"https://accounts.google.com","issues":[],"endpoints":{"jwks":"https://www.googleapis.com/oauth2/v3/certs","token":"https://oauth2.googleapis.com/token","userinfo":"https://openidconnect.googleapis.com/v1/userinfo","revocation":"https://oauth2.googleapis.com/revoke","authorization":"https://accounts.google.com/o/oauth2/v2/auth","device_authorization":"https://oauth2.googleapis.com/device/code"},"discovery_url":"https://accounts.google.com/.well-known/openid-configuration","claims_supported":["aud","email","email_verified","exp","family_name","given_name","iat","iss","name","picture","sub"],"scopes_supported":["openid","email","profile"],"grant_types_supported":["authorization_code","refresh_token","urn:ietf:params:oauth:grant-type:device_code","urn:ietf:params:oauth:grant-type:jwt-bearer"],"response_types_supported":["code","token","id_token","code token","code id_token","token id_token","code token id_token","none"],"code_challenge_methods_supported":["plain","S256"],"id_token_signing_alg_values_supported":["RS256"]},"meta":{"timestamp":"2026-06-01T23:40:47.529Z","request_id":"6575444e-875d-45da-80c0-b07e99f7c10d"},"status":"ok","message":"OIDC provider discovered","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/jwks":{"get":{"operationId":"get_v1_jwks","tags":["OIDC"],"summary":"Summarise a JWKS","description":"","parameters":[{"name":"url","in":"query","required":true,"description":"JWKS (jwks_uri) URL","schema":{"type":"string"},"example":"https://www.googleapis.com/oauth2/v3/certs"}],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"url":"https://www.googleapis.com/oauth2/v3/certs","keys":[{"alg":"RS256","kid":"06c7c47679b808fcedf7391d7b1e3657bca30dbb","kty":"RSA","use":"sig"},{"alg":"RS256","kid":"7b021671ede90ee5a375c022a523d490181a2c9d","kty":"RSA","use":"sig"}],"kids":["06c7c47679b808fcedf7391d7b1e3657bca30dbb","7b021671ede90ee5a375c022a523d490181a2c9d"],"key_count":2,"key_types":["RSA"],"algorithms":["RS256"]},"meta":{"timestamp":"2026-06-01T23:40:47.641Z","request_id":"f18b997a-3211-40f0-b091-903cc7bd80df"},"status":"ok","message":"JWKS retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}},"/v1/meta":{"get":{"operationId":"get_v1_meta","tags":["Meta"],"summary":"Discovery path & notes","description":"","parameters":[],"security":[{"oanorKey":[]}],"responses":{"200":{"description":"OK","content":{"application/json":{"example":{"data":{"note":"Inspect any OpenID Connect / OAuth 2.0 provider. /v1/discover?issuer=https://accounts.google.com fetches the provider's discovery document at /.well-known/openid-configuration (pass an issuer, a bare domain, or the full discovery URL), parses every endpoint (authorization, token, userinfo, jwks, registration, end_session, introspection, revocation, device_authorization), the supported scopes, response types, grant types, signing algorithms, PKCE methods and claims, then fetches the JWKS and summarises its signing keys (count, algorithms, key types, key ids) and reports a validity check. /v1/jwks?url=... fetches and summarises any JSON Web Key Set on its own. The request is made server-side; private/internal targets are refused (SSRF-guarded). Ideal for SSO and OAuth/OIDC integration, IdP configuration debugging (Auth0, Okta, Keycloak, Azure AD, Google), security review and monitoring of signing-key rotation. An OIDC discovery/JWKS inspector — distinct from the JWT toolkit (jwt), the security.txt parser (securitytxt) and the HTTP security-header grader (secheaders). No key, no cache.","endpoints":["/v1/discover","/v1/jwks","/v1/meta"],"discovery_path":"/.well-known/openid-configuration"},"meta":{"timestamp":"2026-06-01T23:40:47.736Z","request_id":"9afea516-451b-4c86-8ecc-d1a1ed3d152d"},"status":"ok","message":"Meta retrieved","success":true}}}},"401":{"description":"Missing or invalid x-oanor-key header"},"402":{"description":"Active subscription required"},"429":{"description":"Rate-limit or monthly quota reached"},"502":{"description":"Upstream did not respond"}}}}},"x-oanor-pricing":[{"slug":"free","name":"Free","price_cents_month":0,"monthly_call_quota":2240,"rps_limit":2,"hard_limit":true},{"slug":"starter","name":"Starter","price_cents_month":655,"monthly_call_quota":44000,"rps_limit":8,"hard_limit":true},{"slug":"pro","name":"Pro","price_cents_month":2100,"monthly_call_quota":228000,"rps_limit":20,"hard_limit":true},{"slug":"mega","name":"Mega","price_cents_month":5490,"monthly_call_quota":850000,"rps_limit":50,"hard_limit":true}],"x-oanor-marketplace-url":"https://www.oanor.com/api/oidc-api"}