The Challengermode OAuth server endpoints are located at https://www.challengermode.com/oauth/. Below is a list and descriptions of the relevant endpoints for your integration with Challengermode's OAuth.

Authorization

get

https://www.challengermode.com/oauth/authorizeServing as the first point of interaction in most OAuth 2.0 flows, this endpoint is used to authenticate users and to collect their consent. By directing the user to this endpoint, you can initiate any of the following supported authentication flows:

Authorization Code Flow

Device Code Flow

Implicit Code Flow

Token

post

https://www.challengermode.com/oauth/tokenClients obtain access and ID tokens from the token endpoint in exchange for an OAuth 2.0 grant that can be obtained from the authorization endpoint.

Authorization Code Flow

Device Code Flow

Refresh Token Flow

Assertion Flow

Device

post

https://www.challengermode.com/oauth/deviceGenerate device codes that can be used to enable users to authenticate themselves on another device as part of the

Device Code Flow

UserInfo

post

/v1/me/userinfoThe UserInfo endpoint provides a method for client applications to retrieve additional information about the logged in user. Learn more about this endpoint and the information it returns here.

.well-known

For full configuration details of the Challengermode OAuth server, please refer to the .well-known configuration.