Invoking the coverage map service

The coverage map service is an unprotected endpoint that returns a JavaScript Object Notation (JSON) array of slash-terminated URI prefixes. The array of URI prefixes designates which web contexts are part of a Single Sign On (SSO) group, thus enabling clients to know whether a URI destination is deemed safe to send an access token.

The coverage map service returns a JSON array of URI prefixes, which are a unique set that is derived from the aggregation of the trusted_uri_prefixes parameter values specified in the registered clients. Therefore, a typical case for populating the coverage map service is to register clients and specify the trusted_uri_prefixes value.

The following example assumes that the Liberty OpenID Connect provider is configured with SSL on port 443.

https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map

Additionally, this example assumes that a client is registered with the specified trusted_uri_prefixes.

1. Specify a token_type URI query parameter on the coverage_map endpoint. The following is an example request that assumes that the client is registered with the specified trusted_uri_prefixes
   https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map?token_type=bearer

   The only token_type value that is supported is token_type=bearer.

2. Get the coverage map for the bearer token type, as shown in the following example.

   Request Headers:

   GET https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map?token_type=bearer

   Response Headers:

   Status: 200
   CacheControl: public, maxage=600
   ETag:"vvhkgXkRx+BzR3Q4kwCCqw=="
   ContentType: application/json

   Response Body:

   [
     "http://res1.ibm.com/",   "https://trusted.server.ibm.com:9554/resources/"
   ]

Parent topic:

Configure an OpenID Connect Client