In my setup, I use Keycloak as Identity Provider. The server metadata concerning OAuth2 are already provided by Keycloak at https://server/auth/realms/realm/.well-known/openid-configuration
Response:
{
"issuer": "https://login.example.com/auth/realms/LOA",
...
...
"registration_endpoint": "https://login.example.com/auth/realms/LOA/clients-registrations/openid-connect",
...
...
}
The question is: how does the client get this information? It cannot know which Identity Provider I use!
A possibility is that the AP server provides an endpoint like
https://activitypub.example.com/.well-known/activityPub
from which the client then gets the info about the issuer:
{
"issuer":"https://login.example.com/auth/realms/LOA"
}
I am curious to hear your opinions.
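As an added illustration (not code from the post or from Keycloak) of the two-step discovery proposed above, here is a small client that reads the proposed `/.well-known/activityPub` document, follows the advertised issuer to its OpenID Connect discovery document, and checks that the metadata's own `issuer` matches the value it was fetched from (the OIDC Discovery rule that prevents a substituted metadata document). The endpoint path, host names and the two sample responses are assumptions constructed for the example; HTTP fetching is injectable so the code runs offline.

```python
import json
from urllib.parse import urlparse

# Constructed sample responses standing in for the two HTTP documents:
# the proposed AP-side discovery document and the provider's OIDC metadata.
SAMPLE_DOCS = {
    "https://activitypub.example.com/.well-known/activityPub":
        '{"issuer": "https://login.example.com/auth/realms/LOA"}',
    "https://login.example.com/auth/realms/LOA/.well-known/openid-configuration":
        '{"issuer": "https://login.example.com/auth/realms/LOA",'
        ' "authorization_endpoint": "https://login.example.com/auth/realms/LOA/protocol/openid-connect/auth",'
        ' "token_endpoint": "https://login.example.com/auth/realms/LOA/protocol/openid-connect/token",'
        ' "registration_endpoint": "https://login.example.com/auth/realms/LOA/clients-registrations/openid-connect"}',
}


def fetch_json(url, fetch=SAMPLE_DOCS.get):
    """Fetch and parse a JSON document. `fetch` maps URL -> body text (injectable for tests)."""
    body = fetch(url)
    if body is None:
        raise LookupError(f"no document at {url}")
    return json.loads(body)


def require_https(url):
    """Discovery documents steer the whole login flow, so only accept them over HTTPS."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError(f"refusing non-HTTPS or malformed URL: {url}")
    return parsed


def discover_provider(ap_host, fetch=SAMPLE_DOCS.get):
    """AP server -> issuer -> OIDC provider metadata, with issuer validation."""
    ap_doc = fetch_json(f"https://{ap_host}/.well-known/activityPub", fetch)
    issuer = ap_doc["issuer"]
    require_https(issuer)
    # OIDC Discovery: metadata lives at <issuer>/.well-known/openid-configuration
    metadata = fetch_json(issuer.rstrip("/") + "/.well-known/openid-configuration", fetch)
    # The metadata must name exactly the issuer it was fetched from; a mismatch
    # means a document for some other realm or host was served in its place.
    if metadata.get("issuer") != issuer:
        raise ValueError(f"issuer mismatch: expected {issuer}, got {metadata.get('issuer')!r}")
    # Every endpoint the client will later talk to must also be HTTPS.
    for key in ("authorization_endpoint", "token_endpoint", "registration_endpoint"):
        require_https(metadata[key])
    return metadata
```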