# Discovery

ESS uses **`/.well-known`** URIs to provide metadata about its services.

{% hint style="info" %}
**Note**\
[**RFC 8615**](https://datatracker.ietf.org/doc/html/rfc8615.html) (Well-Known Uniform Resource Identifiers (URIs) RFC specification) is currently in proposal state.

* Features based on draft/proposed specifications are subject to change and/or removal.
* The properties found in ESS services’ metadata may use custom properties (i.e., not defined in the [Solid Vocabularies](https://github.com/solid/vocab) ) and are also subject to change and/or removal.
  {% endhint %}

## `/.well-known` URIs

### `/.well-known/openid-configuration`

ESS provides [Solid OIDC Broker Service](https://docs.inrupt.com/ess/2.5/services/service-oidc) metadata at the following **`/.well-known/openid-configuration`** URI:

```none
https://openid.<ESS DOMAIN>/.well-known/openid-configuration
```

The endpoint returns the current deployment’s [Solid OIDC Broker Service](https://docs.inrupt.com/ess/2.5/services/service-oidc) metadata.

### `/.well-known/solid`

{% hint style="info" %}
**Subject to Change**\
This endpoint is subject to change and may be replaced in the future.
{% endhint %}

ESS provides [Pod Storage Service](https://docs.inrupt.com/ess/2.5/services/service-pod-management/service-pod-storage) (and related) metadata at the following **`.well-known/solid`** URI:

```none
https://storage.{ESS Domain}/.well-known/solid
```

Its [Response.body](https://developer.mozilla.org/en-US/docs/Web/API/Response/body) returns [Resource Description Framework (RDF)](https://docs.inrupt.com/reference/glossary#rdf-resource) statements. Depending on your configuration, the response can include information about:

* List of applications that can perform read and write operations the [Access Control Resources](https://docs.inrupt.com/reference/glossary#access-control-resource) with the following caveat:

{% hint style="danger" %}
**Disambiguation**

The list displays the value of [Pod Storage Service](https://docs.inrupt.com/ess/2.5/services/service-pod-management/service-pod-storage)‘s [**`INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST`**](https://docs.inrupt.com/ess/2.5/service-pod-management/service-pod-storage#inrupt_authorization_client_id_allow_list) configuration value, which is for discoverability purposes only.

The actual configuration that determines which applications can access the ACR is the [Authorization Service](https://docs.inrupt.com/ess/2.5/services/service-authorization)‘s [**`INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST`**](https://docs.inrupt.com/ess/2.5/service-authorization#inrupt_authorization_client_id_allow_list).

As such, if the two lists are not in sync, the returned list from [Pod Storage Service](https://docs.inrupt.com/ess/2.5/services/service-pod-management/service-pod-storage) may not accurately reflect the trusted apps.
{% endhint %}

* Maximum number of Pods allowed per Agent.
* Notification Gateway endpoint.
* Provision service endpoint.
* QPF service endpoint.

```none
@prefix solid: <http://www.w3.org/ns/solid/terms#> .
[ a                          solid:DiscoveryDocument ;
  <http://www.w3.org/ns/auth/acl#trustedApp>
          <https://inrupt.com> ;
  solid:maxPodsPerOwner      10 ;
  solid:notificationGateway  <https://notification.{ESS DOMAIN}.com/> ;
  solid:provision            <https://provision.{ESS DOMAIN}.com/>;
  solid:qpf                  <https://fragments.{ESS DOMAIN}.com/
] .
```

### `/.well-known/uma2-configuration`

ESS provides UMA service metadata resource at the following **`/.well-known/uma2-configuration`** URI:

```none
https://uma.<ESS DOMAIN>/.well-known/uma2-configuration
```

The endpoint returns the current deployment’s UMA service configuration:

```json
{
  "dpop_signing_alg_values_supported": [
    "ES256",
    "RS256"
  ],
  "grant_types_supported": [
    "urn:ietf:params:oauth:grant-type:uma-ticket"
  ],
  "issuer": "https://uma.<ESS DOMAIN>",
  "jwks_uri": "https://uma.<ESS DOMAIN>/jwks",
  "token_endpoint": "https://uma.<ESS DOMAIN>/token",
  "uma_profiles_supported": [
    "https://www.w3.org/TR/vc-data-model/#json-ld",
    "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
  ],
  "verifiable_credential_issuer": "https://vc.<ESS DOMAIN>"
}
```

### `/.well-known/vc-configuration`

{% hint style="info" %}
**Subject to Change**\
This endpoint is subject to change and may be replaced in the future.
{% endhint %}

ESS provides a [Access Grant Service](https://docs.inrupt.com/ess/2.5/services/service-access-grant) metadata resource at the following **`/.well-known/vc-configuration`** URI:

```none
https://vc.<ESS Domain>/.well-known/vc-configuration
```

The endpoint returns a [JSON-LD](https://w3c.github.io/json-ld-syntax/#basic-concepts) document that includes the locations for the Access Grant Service endpoints:

<pre class="language-json"><code class="lang-json">{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://vc.&#x3C;ESS Domain>/credentials/v1"
  ],
<strong>  "derivationService": "https://vc.&#x3C;ESS Domain>/derive",
</strong><strong>  "issuerService": "https://vc.&#x3C;ESS Domain>/issue",
</strong><strong>  "queryService": "https://vc.&#x3C;ESS Domain>/query",
</strong><strong>  "statusService": "https://vc.&#x3C;ESS Domain>/status",
</strong>  "supportedSignatureTypes": [
    "Ed25519Signature2020"
<strong>  ],
</strong><strong>  "verifierService": "https://vc.&#x3C;ESS Domain>/verify"
</strong>}
</code></pre>