Commit 7461104

added 2 more mandatory fields of wellknown endpoint
1 parent 5fde5ca commit 7461104

3 files changed

+3
-3
lines changed

api-reference/beta/api/identitycontainer-post-identityproviders.md

Lines changed: 1 addition & 1 deletion
@@ -96,7 +96,7 @@ All the properties listed in the following tables are required.
9696
|displayName|String|The display name of the identity provider.|
9797
|clientId|String|The client ID for the application obtained when registering the application with the identity provider.|
9898
|issuer|String|The issuer URI. Issuer URI is a case-sensitive URL using https scheme contains scheme, host, and optionally, port number and path components and no query or fragment components.<br> **Note:** Configuring other Microsoft Entra tenants as an external identity provider is currently not supported. As a result, the `microsoftonline.com` domain in the issuer URI is not accepted.|
99-
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, and `response_types_supported`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
99+
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, `response_types_supported`, `subject_types_supported` and `jwks_uri`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
100100
|responseType|String|The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: <br>`code`: As per the authorization code flow, a code is returned back to Entra External ID. Entra External ID proceeds to call the token_endpoint to exchange the code for the token.<br>`id_token`: An ID token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).<br>`token`: An access token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).|
101101
|scope|String|Scope defines the information and permissions you are looking to gather from your custom identity provider.|
102102
|clientAuthentication|[clientAuthentication](../resources/clientAuthentication.md)|The client authentication settings.<br> use **`oidcClientSecretAuthentication`** type for setting up your identity provider with `client_secret_post` or `client_secret_jwt authentication` methods. <br> use **`oidcPrivateJwtKeyClientAuthentication`** type for setting up your identity provider with `private_key_jwt` authentication method. <br>Due to security reasons, `client_secret_basic` authentication method is not supported.|
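
Review bot: In the changed `wellKnownEndpoint` row the note still says the metadata document "should, at minimum, contain" the listed properties, while the commit message calls the two additions mandatory. If a document that lacks `subject_types_supported` or `jwks_uri` is rejected when the provider is created, write "must contain" so that readers do not treat the list as a recommendation.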

api-reference/beta/api/identityproviderbase-update.md

Lines changed: 1 addition & 1 deletion
@@ -94,7 +94,7 @@ In Azure AD B2C, provide a JSON object the request body with one or more propert
9494
|displayName|String|The display name of the identity provider.|
9595
|clientId|String|The client ID for the application obtained when registering the application with the identity provider.|
9696
|issuer|String|The issuer URI. Issuer URI is a case-sensitive URL using https scheme contains scheme, host, and optionally, port number and path components and no query or fragment components.<br> **Note:** Configuring other Microsoft Entra tenants as an external identity provider is currently not supported. As a result, the `microsoftonline.com` domain in the issuer URI is not accepted.|
97-
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, and `response_types_supported`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
97+
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, `response_types_supported`, `subject_types_supported` and `jwks_uri`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
9898
|responseType|String|The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: `code` , `id_token` , `token`.|
9999
|scope|String|Scope defines the information and permissions you are looking to gather from your custom identity provider.|
100100
|clientAuthentication|[clientAuthentication](../resources/clientAuthentication.md)|The client authentication settings.<li> use **oidcClientSecretAuthentication** type for setting up your identity provider with `client_secret_post` or `client_secret_jwt authentication` methods. <li> use **oidcPrivateJwtKeyClientAuthentication** type for setting up your identity provider with `private_key_jwt` authentication method. <li>Due to security reasons, `client_secret_basic` authentication method is not supported.|
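
Review bot: The changed `wellKnownEndpoint` row does not say how the two new properties affect a provider that already exists, which matters here because this file documents the update operation. Add a sentence stating whether an update is rejected when the existing metadata document lacks `subject_types_supported` or `jwks_uri`, or whether the check applies only when `wellKnownEndpoint` itself is being changed.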

api-reference/beta/resources/oidcIdentityProvider.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ For the list of API operations for managing OpenID Connect identity providers, s
3030
|id|String|The identifier of the identity provider.Required. Inherited from [identityProviderBase](../resources/identityproviderbase.md). Read-only.|
3131
|clientId|String|The client ID for the application obtained when registering the application with the identity provider.|
3232
|issuer|String|The issuer URI. Issuer URI is a case-sensitive URL using https scheme contains scheme, host, and optionally, port number and path components and no query or fragment components.<br> **Note:** Configuring other Microsoft Entra tenants as an external identity provider is currently not supported. As a result, the `microsoftonline.com` domain in the issuer URI is not accepted.|
33-
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, and `response_types_supported`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
33+
|wellKnownEndpoint|String|The URL for the metadata document of the OpenID Connect identity provider. Every OpenID Connect identity provider describes a metadata document that contains most of the information required to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The OpenID Connect metadata document is always located at an endpoint that ends in `.well-known/openid-configuration`.<br> **Note:** The metadata document should, at minimum, contain the following properties: `issuer`, `authorization_endpoint`, `token_endpoint`, `token_endpoint_auth_methods_supported`, `response_types_supported`, `subject_types_supported` and `jwks_uri`. Visit [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) specifications for more details.|
3434
|responseType|String|The response type describes the type of information sent back in the initial call to the authorization_endpoint of the custom identity provider. Possible values: <br>`code`: As per the authorization code flow, a code is returned back to Entra External ID. Entra External ID proceeds to call the token_endpoint to exchange the code for the token.<br>`id_token`: An ID token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).<br>`token`: An access token is returned back to Entra External ID from the custom identity provider. (This value is not supported at the moment).|
3535
|scope|String|Scope defines the information and permissions you are looking to gather from your custom identity provider.|
3636
|clientAuthentication|[clientAuthentication](../resources/clientAuthentication.md)|The client authentication settings.<br> use **`oidcClientSecretAuthentication`** type for setting up your identity provider with `client_secret_post` or `client_secret_jwt authentication` methods. <br> use **`oidcPrivateJwtKeyClientAuthentication`** type for setting up your identity provider with `private_key_jwt` authentication method. <br>Due to security reasons, `client_secret_basic` authentication method is not supported.|
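
Review bot: The changed `wellKnownEndpoint` row now names `jwks_uri` in the note, but the earlier sentence in the same cell still speaks only of "the location of the service's public signing keys", so the reader has to infer that the two are the same thing. Consider tying them together, for example "the location of the service's public signing keys (`jwks_uri`)". The identical row text is edited in all three files of this commit; moving it into a shared include would keep the property list from drifting between them.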
