# Discovery

ESS uses **`/.well-known`** URIs to provide metadata about its services.

{% hint style="info" %}
**Note**\
[**RFC 8615**](https://datatracker.ietf.org/doc/html/rfc8615.html) (Well-Known Uniform Resource Identifiers (URIs) RFC specification) is currently in proposal state.

* Features based on draft/proposed specifications are subject to change and/or removal.
* The properties found in ESS services’ metadata may use custom properties (i.e., not defined in the [Solid Vocabularies](https://github.com/solid/vocab) ) and are also subject to change and/or removal.
  {% endhint %}

## `/.well-known` URIs

### `/.well-known/openid-configuration`

ESS provides [Solid OIDC Broker Service](/ess/2.6/services/service-oidc.md) metadata at the following **`/.well-known/openid-configuration`** URI:

```none
https://openid.<ESS DOMAIN>/.well-known/openid-configuration
```

The endpoint returns the current deployment’s [Solid OIDC Broker Service](/ess/2.6/services/service-oidc.md) metadata.

### `/.well-known/solid`

{% hint style="info" %}
**Subject to Change**\
This endpoint is subject to change and may be replaced in the future.
{% endhint %}

ESS provides [Pod Storage Service](/ess/2.6/services/service-pod-management/service-pod-storage.md) (and related) metadata at the following **`.well-known/solid`** URI:

```none
https://storage.{ESS Domain}/.well-known/solid
```

Its [Response.body](https://developer.mozilla.org/en-US/docs/Web/API/Response/body) returns [Resource Description Framework (RDF)](/reference/glossary.md#rdf-resource) statements. Depending on your configuration, the response can include information about:

* List of applications that can perform read and write operations the [Access Control Resources](/reference/glossary.md#access-control-resource) with the following caveat:

{% hint style="danger" %}
**Disambiguation**

The list displays the value of [Pod Storage Service](/ess/2.6/services/service-pod-management/service-pod-storage.md)‘s [**`INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST`**](/ess/2.6/services/service-pod-management/service-pod-storage.md#inrupt_authorization_client_id_allow_list) configuration value, which is for discoverability purposes only.

The actual configuration that determines which applications can access the ACR is the [Authorization Service](/ess/2.6/services/service-authorization.md)‘s [**`INRUPT_AUTHORIZATION_CLIENT_ID_ALLOW_LIST`**](/ess/2.6/services/service-authorization.md#inrupt_authorization_client_id_allow_list).

As such, if the two lists are not in sync, the returned list from [Pod Storage Service](/ess/2.6/services/service-pod-management/service-pod-storage.md) may not accurately reflect the trusted apps.
{% endhint %}

* Maximum number of Pods allowed per Agent.
* Notification Gateway endpoint.
* Provision service endpoint.
* QPF service endpoint.

```none
@prefix solid: <http://www.w3.org/ns/solid/terms#> .
[ a                          solid:DiscoveryDocument ;
  <http://www.w3.org/ns/auth/acl#trustedApp>
          <https://inrupt.com> ;
  solid:maxPodsPerOwner      10 ;
  solid:notificationGateway  <https://notification.{ESS DOMAIN}.com/> ;
  solid:provision            <https://provision.{ESS DOMAIN}.com/>;
  solid:qpf                  <https://fragments.{ESS DOMAIN}.com/
] .
```

### `/.well-known/uma2-configuration`

ESS provides UMA service metadata resource at the following **`/.well-known/uma2-configuration`** URI:

```none
https://uma.<ESS DOMAIN>/.well-known/uma2-configuration
```

The endpoint returns the current deployment’s UMA service configuration:

```json
{
  "dpop_signing_alg_values_supported": [
    "ES256",
    "RS256"
  ],
  "grant_types_supported": [
    "urn:ietf:params:oauth:grant-type:uma-ticket"
  ],
  "issuer": "https://uma.<ESS DOMAIN>",
  "jwks_uri": "https://uma.<ESS DOMAIN>/jwks",
  "token_endpoint": "https://uma.<ESS DOMAIN>/token",
  "uma_profiles_supported": [
    "https://www.w3.org/TR/vc-data-model/#json-ld",
    "http://openid.net/specs/openid-connect-core-1_0.html#IDToken"
  ],
  "verifiable_credential_issuer": "https://vc.<ESS DOMAIN>"
}
```

### `/.well-known/vc-configuration`

{% hint style="info" %}
**Subject to Change**\
This endpoint is subject to change and may be replaced in the future.
{% endhint %}

ESS provides a [Access Grant Service](/ess/2.6/services/service-access-grant.md) metadata resource at the following **`/.well-known/vc-configuration`** URI:

```none
https://vc.<ESS Domain>/.well-known/vc-configuration
```

The endpoint returns a [JSON-LD](https://w3c.github.io/json-ld-syntax/#basic-concepts) document that includes the locations for the Access Grant Service endpoints:

<pre class="language-json"><code class="lang-json">{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://vc.&#x3C;ESS Domain>/credentials/v1"
  ],
<strong>  "derivationService": "https://vc.&#x3C;ESS Domain>/derive",
</strong><strong>  "issuerService": "https://vc.&#x3C;ESS Domain>/issue",
</strong><strong>  "queryService": "https://vc.&#x3C;ESS Domain>/query",
</strong><strong>  "statusService": "https://vc.&#x3C;ESS Domain>/status",
</strong>  "supportedSignatureTypes": [
    "Ed25519Signature2020"
<strong>  ],
</strong><strong>  "verifierService": "https://vc.&#x3C;ESS Domain>/verify"
</strong>}
</code></pre>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.inrupt.com/ess/2.6/services/appendix/discovery-endpoint.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.