Trango ComputeContextIQPreview
Get started

Free tool · No sign-up required

OIDC Inspector —
discover any identity provider instantly.

Enter any domain and scan for OpenID Connect and OAuth 2.0 provider configurations. Detects Google, Microsoft Azure AD, Auth0, Okta, AWS Cognito, Keycloak, and more — in seconds.

Open OIDC Inspector →Free to use

Identity providers detected

Google IdentityMicrosoft Azure ADAuth0OktaAWS CognitoKeycloakPingIdentityOneLoginSalesforce IdentityGitLabApple ID

What it shows you

Parallel subdomain scan

Enter a domain like company.com and optionally scan 11 common auth subdomains simultaneously — auth., login., sso., id., oidc., and more. Finds OIDC providers your team may not have documented.

Full discovery document

Fetches and parses /.well-known/openid-configuration and /.well-known/oauth-authorization-server. Extracts authorization endpoint, token endpoint, userinfo endpoint, JWKS URI, supported scopes, grant types, and response modes.

JWKS key inspection

Fetches the JSON Web Key Set from the jwks_uri. Displays each public key's type (RSA, EC, OKP), algorithm, key ID, and usage. Download the full JWKS as JSON. Pro feature.

Security posture check

Flags whether PKCE (Proof Key for Code Exchange) is advertised via code_challenge_methods_supported. PKCE absence from a public-facing OIDC provider is a security signal worth knowing about.

Authorization Code Flow diagram

Renders a visual sequence diagram of the OIDC Authorization Code flow using the discovered endpoints — browser to authorization server, code exchange, token request, and UserInfo call.

Raw JSON download

Download the full openid-configuration document and JWKS as JSON files. Useful for auditing, documentation, or feeding into automated security tooling. Pro feature.

Subdomains scanned in parallel

auth.login.sso.id.identity.accounts.oauth.oidc.as.access.connect.+ primary domain

Who uses it

Security engineers

Audit the OIDC configurations across all your organization's identity providers. Verify PKCE support, inspect signing algorithms, and confirm jwks_uri is reachable before a pentest or compliance review.

Backend developers

Integrating a third-party OIDC provider and need to find the authorization endpoint, token endpoint, or supported scopes? Faster than reading docs — just scan the domain.

Platform and DevOps teams

Discover undocumented OIDC providers running on auth subdomains within your infrastructure. Useful before migrations or when documenting your IAM landscape.

Try OIDC Inspector free →See all ContextIQ tools