API Reference

sso.gerege.mn OIDC endpoints

GET /.well-known/openid-configuration

OIDC Discovery document

GET /.well-known/jwks.json

EC P-256 JWK Set (ES256)

GET /oauth/authorize

Authorization endpoint — browser redirect

Parameters

client_id      string  Registered client ID
redirect_uri   string  Exact match against the registered URI
response_type  string  code
scope          string  openid profile [pos] [social] [payment]
state          string  CSRF protection
nonce          string  Stored in the ID token

POST /oauth/token

Token endpoint — code exchange

Parameters

grant_type     string  authorization_code
code           string  Auth code (single use)
client_id      string
client_secret  string  Basic auth or form
redirect_uri   string  Exact match

Response

{
  "access_token": "opaque_token",
  "token_type": "Bearer",
  "expires_in": 3600,
  "id_token": "eyJhbGciOiJFUzI1NiJ9...",
  "scope": "openid profile pos"
}

GET /oauth/userinfo

User info — requires a Bearer token

Response

{
  "sub": "sha256_of_national_id",
  "name": "Батаа Дорж",
  "given_name": "Дорж",
  "family_name": "Батаа",
  "locale": "mn-MN",
  "tenant_id": "restaurant-govi",
  "tenant_role": "owner",
  "plan": "pro"
}

POST /oauth/revoke

Token revoke — RFC 7009

POST /oauth/introspect

Token introspection — active/inactive

ID Token Claims

Claim                     Description
sub                       SHA-256 hex of the national registration number
name                      Full name
given_name                Given name
family_name               Family name
cert_serial               X.509 certificate serial
identity_assurance_level  high
amr                       ["smartid", "pin1", "x509"]
tenant_id                 Tenant slug (pos/social scope)
tenant_role               owner | admin | member
plan                      starter | pro | enterprise
locale                    mn-MN
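
An added example (not part of the original reference and not the service's own code) of how a relying party can use the `state` and `nonce` parameters of `/oauth/authorize` together with the ID token claims listed above. The function names are hypothetical; it assumes an https scheme, an issuer string read from the discovery document, and an ID token whose ES256 signature has already been verified against the JWKS with a JWT library.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Host and path come from the page; the https scheme is an assumption.
AUTHORIZE_URL = "https://sso.gerege.mn/oauth/authorize"


def _same(a, b):  # constant-time comparison of two values as UTF-8 strings
    return hmac.compare_digest(str(a).encode(), str(b).encode())


def begin_login(client_id, redirect_uri, scope="openid profile"):
    """Return (url, session); keep session server-side, bound to the browser."""
    session = {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,  # registered URI, exact
                       "response_type": "code",
                       "scope": scope, **session})
    return f"{AUTHORIZE_URL}?{query}", session


def code_from_callback(callback_url, session):
    """Return the auth code only if the callback carries the state we issued."""
    params = parse_qs(urlparse(callback_url).query)
    if not _same(params.get("state", [""])[0], session["state"]):
        raise ValueError("state mismatch: not a response to our request")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def check_id_token_claims(claims, session, client_id, issuer, now=None):
    """Check claims whose ES256 signature was ALREADY verified via the JWKS.
    iss, aud and exp are standard OIDC claims, not listed on the page."""
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued to another client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not _same(claims.get("nonce", ""), session["nonce"]):
        raise ValueError("nonce mismatch: token belongs to another login")
    if claims.get("identity_assurance_level") != "high":
        raise ValueError("assurance level is not 'high'")
    return claims["sub"]
```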