
OpenID Connect Discovery 1.0 Deep Dive: OP's "Self-Introduction" and Dynamic Configuration Retrieval
Introduction

You probably use OIDC (OpenID Connect) every day to integrate Google Login or other authentication flows into your applications. When doing so, have you noticed that just setting issuer: "https://accounts.google.com" in your library initialization code automatically resolves the Authorization Endpoint, the Token Endpoint, and even the location of the public keys (JWKS)?

"Why does providing only the Issuer URL reveal all the endpoints?"
"How can the client follow public key (JWKS) rotation without any downtime?"
"To begin with, how does it identify which provider to authenticate with from an email-like identifier such as alice@example.com?"

The answer to these questions is OpenID Connect Discovery 1.0. In the earlier OAuth 2.0 world, it was common for developers to read the documentation and manually configure (hardcode) the URLs of the Authorization Server's endpoints (such as /authorize and /token) in the client. However, this requires client-side changes whenever the
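The mechanism behind "just set the issuer" is that the Relying Party appends /.well-known/openid-configuration to the Issuer URL and fetches the provider metadata from there. The following is an added example, not code from the article or from any OIDC library: it derives that configuration URL the way OpenID Connect Discovery 1.0 specifies, then validates the returned document before trusting any endpoint in it. The issuer, endpoint URLs and the metadata document are constructed for this example, and nothing is fetched over the network.

```python
"""Added example, not from the original article: how an OIDC Relying Party
derives the discovery URL from an Issuer identifier and validates the provider
metadata it receives, following OpenID Connect Discovery 1.0.  No network
access is made; the metadata document below is constructed for this example.
"""
import json
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/openid-configuration"

# Constructed sample of what an OP would serve at its configuration URL.
SAMPLE_METADATA_JSON = json.dumps({
    "issuer": "https://op.example.com/tenant1",
    "authorization_endpoint": "https://op.example.com/tenant1/authorize",
    "token_endpoint": "https://op.example.com/tenant1/token",
    "jwks_uri": "https://op.example.com/tenant1/jwks",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})


def discovery_url(issuer: str) -> str:
    """Return issuer + '/.well-known/openid-configuration'.

    The Issuer must be an https URL with no query or fragment component; a
    trailing slash on its path is dropped before the well-known path is
    appended, so issuers with a path component work too.
    """
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"issuer must be an https URL: {issuer!r}")
    if parts.query or parts.fragment:
        raise ValueError(f"issuer must not have query or fragment: {issuer!r}")
    return issuer.rstrip("/") + WELL_KNOWN_PATH


def validate_metadata(issuer: str, raw_json: str) -> dict:
    """Parse provider metadata and refuse it unless it is safe to trust.

    The document's 'issuer' must be identical to the Issuer used to fetch it
    (otherwise the client could be handed another provider's endpoints), the
    fields the spec marks REQUIRED must be present, and every endpoint must
    be https.  Returns the endpoints a client needs.
    """
    doc = json.loads(raw_json)
    if doc.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r} != {issuer!r}")
    required = ("authorization_endpoint", "jwks_uri",
                "response_types_supported", "subject_types_supported",
                "id_token_signing_alg_values_supported")
    missing = [k for k in required if k not in doc]
    if missing:
        raise ValueError(f"metadata missing required fields: {missing}")
    endpoints = {}
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if url is None:
            continue  # token_endpoint is optional for implicit-only OPs
        if urlsplit(url).scheme != "https":
            raise ValueError(f"{key} is not https: {url!r}")
        endpoints[key] = url
    return endpoints


if __name__ == "__main__":
    issuer = "https://op.example.com/tenant1"
    print("would fetch:", discovery_url(issuer))
    print(validate_metadata(issuer, SAMPLE_METADATA_JSON))
```

The issuer-equality check is the one a client must not skip: the well-known URL is constructed from the configured issuer, so a document whose issuer field says something else is evidence that the request was redirected or served by a different provider, and its endpoints and jwks_uri must not be used. Re-fetching this document periodically is what lets a client pick up a rotated jwks_uri key set without a redeploy.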


