2.2.3.2 OpenID Provider Metadata
OpenID Provider Metadata provides information about the OpenID connect provider, as described in [OIDCDiscovery] section 3.
Note:
The end_session_endpoint metadata field defined in [OIDCFrontChanLO] section 4 is required for the OpenID Connect 1.0 Protocol Extensions.<3>
The frontchannel_logout_supported and frontchannel_logout_session_supported metadata fields defined in [OIDCFrontChanLO] section 3 are required for the OpenID Connect 1.0 Protocol Extensions.<4>
The device_authorization_endpoint metadata fields defined in [RFC8628] section 4 are required for the OpenID Connect 1.0 Protocol Extensions.<5>
The OpenID Connect 1.0 Protocol Extensions extend OpenID Provider Metadata by adding a number of fields. See [OIDCDiscovery] section 3 for the OpenID Provider Metadata with the standard fields. The extended fields are defined as follows.
access_token_issuer: OPTIONAL. A string that specifies the issuer for access tokens issued by the OpenID provider.
microsoft_multi_refresh_token: OPTIONAL. A Boolean value that indicates whether the OpenID provider supports multi-resource refresh tokens, which are refresh tokens that can be redeemed for an access token for any resource registered with the AD FS server.
capabilities: OPTIONAL. A JSON array of strings describing additional protocol capabilities that are supported by the AD FS server.<6>