# OIDC Discovery API
> Inspect any OpenID Connect / OAuth 2.0 provider. Pass an issuer (a domain, an issuer URL, or the full discovery URL) and the service fetches the provider's discovery document at /.well-known/openid-configuration, parses every endpoint — authorization, token, userinfo, jwks, registration, end-session, introspection, revocation and device-authorization — together with the supported scopes, response types, grant types, ID-token signing algorithms, PKCE methods and claims, then fetches the JWKS and summarises its signing keys (count, algorithms, key types and key IDs), and reports a validity check with any issues. A second endpoint fetches and summarises any JSON Web Key Set on its own. The request is made server-side and private/internal targets are refused (SSRF-guarded). Built for SSO and OAuth/OIDC integration, identity-provider configuration debugging (Auth0, Okta, Keycloak, Azure AD, Google), security review and monitoring of signing-key rotation. An OIDC discovery / JWKS inspector — distinct from the JWT toolkit (jwt), the security.txt parser (securitytxt) and the HTTP security-header grader (secheaders). No upstream key, no cache.

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/oidc-api/..."
```

## Pricing
- **Free** (Free) — 2,240 calls/Mo, 2 req/s
- **Starter** ($7/Mo) — 44,000 calls/Mo, 8 req/s
- **Pro** ($21/Mo) — 228,000 calls/Mo, 20 req/s
- **Mega** ($55/Mo) — 850,000 calls/Mo, 50 req/s

## Endpoints

### OIDC

#### `GET /v1/discover` — Discover an OIDC provider

**Parameters:**
- `issuer` (query, required, string) — Issuer URL, domain or discovery URL Example: `https://accounts.google.com`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/oidc-api/v1/discover?issuer=https%3A%2F%2Faccounts.google.com"
```

#### `GET /v1/jwks` — Summarise a JWKS

**Parameters:**
- `url` (query, required, string) — JWKS (jwks_uri) URL Example: `https://www.googleapis.com/oauth2/v3/certs`

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/oidc-api/v1/jwks?url=https%3A%2F%2Fwww.googleapis.com%2Foauth2%2Fv3%2Fcerts"
```

### Meta

#### `GET /v1/meta` — Discovery path & notes

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/oidc-api/v1/meta"
```


---
Marketplace page: https://www.oanor.com/api/oidc-api
OpenAPI spec: https://www.oanor.com/api/oidc-api/openapi.json