1 files changed, 49 insertions, 0 deletions

diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl
new file mode 100644
index 00000000..54bb4a76
--- /dev/null
+++ b/templates/user/auth/oidc_wellknown.tmpl
@@ -0,0 +1,49 @@
+{
+    "issuer": "{{AppUrl | JSEscape}}",
+    "authorization_endpoint": "{{AppUrl | JSEscape}}login/oauth/authorize",
+    "token_endpoint": "{{AppUrl | JSEscape}}login/oauth/access_token",
+    "jwks_uri": "{{AppUrl | JSEscape}}login/oauth/keys",
+    "userinfo_endpoint": "{{AppUrl | JSEscape}}login/oauth/userinfo",
+    "introspection_endpoint": "{{AppUrl | JSEscape}}login/oauth/introspect",
+    "response_types_supported": [
+        "code",
+        "id_token"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "{{.SigningKey.SigningMethod.Alg | JSEscape}}"
+    ],
+    "subject_types_supported": [
+        "public"
+    ],
+    "scopes_supported": [
+        "openid",
+        "profile",
+        "email",
+        "groups"
+    ],
+    "claims_supported": [
+        "aud",
+        "exp",
+        "iat",
+        "iss",
+        "sub",
+        "name",
+        "preferred_username",
+        "profile",
+        "picture",
+        "website",
+        "locale",
+        "updated_at",
+        "email",
+        "email_verified",
+        "groups"
+    ],
+    "code_challenge_methods_supported": [
+        "plain",
+        "S256"
+    ],
+    "grant_types_supported": [
+        "authorization_code",
+        "refresh_token"
+    ]
+}