What is this?
OpenID Connect Discovery 1.0 lets clients learn an issuer's endpoints and supported features
from a standard JSON document at /.well-known/openid-configuration. This tool fetches the document for a given
issuer host and checks the mandatory fields (issuer, authorization_endpoint, jwks_uri,
response_types_supported, subject_types_supported, id_token_signing_alg_values_supported),
endpoint HTTPS, issuer consistency, PKCE method advertisement and recommended scopes.
When do I need it?
Before pointing a client at a new OIDC provider, after changing the configuration of your own provider, or as a quick sanity check when integrating a vendor that ships an SSO endpoint. The tool also makes a good spec primer if you need to explain to a colleague why a particular field is mandatory.