Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
.well-known/openid-configuration
OpenID Connect Configuration Document
What an attacker could do
This discovery document publicly maps every OIDC endpoint, supported flows, and signing keys, giving an attacker a complete blueprint of the identity provider to find weak grant types or algorithms.
How to defend it
Exposure of this document is expected by design; harden the underlying endpoints by disabling weak flows and algorithms, and ensure jwks_uri serves only current signing keys.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation