Update OIDC Connection via Discovery Endpoint

Overview

Auth0 supports creating an OIDC connection via the discovery endpoint (/.well-known/openid-configuration) of the OIDC IdP.

If the OIDC IdP settings (e.g., authorization_endpoint, token_endpoint, etc.) change, the change is reflected in the content of the discovery endpoint.

Solution

  1. There are two ways to create or update an OIDC connection: via the OIDC discovery endpoint, or by supplying the OIDC IdP settings (e.g., issuer, authorization_endpoint, token_endpoint, etc.) explicitly.

The Auth0 management dashboard supports creating the OIDC connection via the discovery endpoint and updating the OIDC connection by supplying the configuration data explicitly.

The Auth0 Management API supports both ways of creating and updating OIDC connections.

So, if there is a need to update the OIDC connection via the discovery endpoint, the Auth0 Management API must be used.

  2. Example payload of Management API calls
  3. As shown in the above table, the Auth0 Management API accepts both the discovery endpoint and the OIDC IdP settings when creating/updating an OIDC connection.

When both are present, the OIDC IdP settings take precedence.
So, to create/update an OIDC connection via the discovery endpoint, make sure the payload does NOT include any OIDC IdP settings (in options or options.oidc_metadata). Here is an example of such a payload:

{
  "options": {
    "client_id": "abcd1234",
    "discovery_url": "https://OIDC_IDP_DOMAIN/.well-known/openid-configuration"
  }
}
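A pre-flight check for the precedence rule above, as an added example that is not Auth0's own code: it inspects a connection payload before it is sent to the Management API and reports anything that would stop the discovery endpoint from being used. The function name, the https check, the sample payloads, and the setting names beyond issuer, authorization_endpoint and token_endpoint (taken from OIDC Discovery metadata) are assumptions.

```python
from urllib.parse import urlparse

# Settings named on this page (issuer, authorization_endpoint, token_endpoint)
# plus two further OIDC Discovery metadata names; the extra names are an assumption.
EXPLICIT_IDP_SETTINGS = {
    "issuer", "authorization_endpoint", "token_endpoint",
    "jwks_uri", "userinfo_endpoint",
}
WELL_KNOWN_SUFFIX = "/.well-known/openid-configuration"


def check_discovery_payload(payload):
    """Return the problems that would keep options.discovery_url from taking effect."""
    options = payload.get("options") or {}
    url = options.get("discovery_url")
    if not url:
        return ["options.discovery_url is missing"]
    problems = []
    parsed = urlparse(url)
    # Added hardening check: metadata fetched over plain http can be tampered with.
    if parsed.scheme != "https" or not parsed.netloc:
        problems.append("options.discovery_url must be an absolute https URL")
    if not parsed.path.endswith(WELL_KNOWN_SUFFIX):
        problems.append("options.discovery_url does not end with " + WELL_KNOWN_SUFFIX)
    # Explicit IdP settings take precedence over discovery, so each one is reported.
    for key in sorted(EXPLICIT_IDP_SETTINGS & options.keys()):
        problems.append(f"options.{key} overrides discovery")
    for key in sorted(options.get("oidc_metadata") or {}):
        problems.append(f"options.oidc_metadata.{key} overrides discovery")
    return problems


if __name__ == "__main__":
    # Constructed sample: a stale token_endpoint left over from an earlier update.
    stale = {
        "options": {
            "client_id": "abcd1234",
            "discovery_url": "https://idp.example.com/.well-known/openid-configuration",
            "token_endpoint": "https://old-idp.example.com/oauth/token",
        }
    }
    for problem in check_discovery_payload(stale):
        print("REJECT:", problem)
```

An empty result means the payload relies on discovery alone; any entry should be resolved before the update is sent.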