OpenID Connect Discovery Explorer

Enter any OIDC issuer URL to fetch its discovery endpoint. Instantly inspect the full .well-known/openid-configuration endpoints, supported scopes, signing algorithms, and JWKS, no login required.

This tool is crafted by Authgear
Support and star us on

Your data security is our top priority. Everything runs locally in your browser.
The tool fetches the discovery document directly from the OIDC provider using your browser. Authgear never sees or logs your requests.

More Developer Tools

JWT & JWE Debuger
JWK Generator
HMAC Tool
SAML Testing Tool
TOTP Authenticator
Password Hash Generator
Base64 Decode and Encode
UUID v7 Generator & Timestamp Extractor
OpenID Configuration Fetching
Automatically fetch the OpenID Connect discovery document from
/.well-known/openid-configuration based on the issuer URL you provide.
Key Endpoints Summary
Quickly view essential endpoints and identifiers, including the issuer, authorization endpoint, token endpoint, JWKS URI, and other commonly used configuration fields.
JSON Discovery Output
Inspect the full discovery document in a syntax-highlighted JSON view.
Easily copy the entire response or individual fields for debugging or documentation.

How the Tool Works

Step 1.
Enter the Discovery URL (for example: https://accounts.google.com/.well-known/openid-configuration or https://project.authgear.cloud/.well-known/openid-configuration) and click Fetch.
Step 2.
Review the parsed metadata, core endpoints, and provider capabilities.
Step 3.
Copy individual fields with one click, inspect raw JSON, or see the JWKS.

Ready to Supercharge Your Authentication?

Experience seamless, secure, and scalable identity management with Authgear.

Get Started for Free

What is the discovery endpoint in OIDC?

The OIDC discovery endpoint is a standardized URL at  {issuer}/.well-known/openid-configuration that returns a JSON document describing the provider's configuration. It lists the authorization endpoint, token endpoint, JWKS URI, supported scopes, response types, signing algorithms, and other capabilities. Clients can use it to configure themselves automatically without hardcoding endpoint URLs.

Do all OIDC providers support discovery?

Most modern, compliant OIDC providers support discovery. It is required by the OpenID Connect specification for providers that want to support automatic client configuration. Some older or proprietary identity systems may not expose a /.well-known/openid-configuration endpoint — in that case, you'll need to configure endpoints manually. If a fetch in this tool fails, the provider either doesn't support discovery or has access restrictions on the endpoint.

What is the actual OpenID discovery URL?

The discovery URL format is {issuer}/.well-known/openid-configuration, where {issuer} is the base URL of your OpenID Connect provider.
For example: Google uses https://accounts.google.com/.well-known/openid-configuration, Okta uses https://{yourOktaDomain}/.well-known/openid-configuration, and Authgear uses https://{your-project}.authgear.cloud/.well-known/openid-configuration. Enter any issuer URL above and this tool will fetch it automatically.

What is a discovery endpoint?

A discovery endpoint is a well-known URL that a service exposes to describe its capabilities and configuration. In OpenID Connect, the discovery endpoint follows the path /.well-known/openid-configuration (defined in RFC 8414). It allows client applications to dynamically discover the provider's endpoints and supported features without manual configuration.

Do OIDC providers from the same vendor (Okta, Azure, Keycloak) have different discovery URLs?

Yes. The discovery URL format is consistent (/.well-known/openid-configuration), but the base issuer URL differs. For Azure AD, it's typically "https://login.microsoftonline.com/{tenant-id}/v2.0". For Keycloak, it's "https://{host}/realms/{realm}". For Okta, it's "https://{yourOktaDomain}". Enter the issuer URL for your provider above and the tool resolves the full discovery URL automatically.
Preferences

Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website.

Accept all cookies

These items are required to enable basic website functionality.

Always active

These items are used to deliver advertising that is more relevant to you and your interests.

These items allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.

These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

This Dev Tool is crafted by Authgear

Open source Auth0/Clerk/Firebase alternative. Passkeys, SSO, MFA, passwordless, biometric login.

Star us on
Close