dex icon indicating copy to clipboard operation
dex copied to clipboard
verified publisher icon dexidp

Add support for the OAuth 2.0 Authorization Server Metadata Endpoint (RFC 8414)

Open johnvan7 opened this issue 2 months ago • 2 comments

Overview

This PR adds support for the OAuth 2.0 Authorization Server Metadata endpoint defined in RFC 8414. Alongside the existing OIDC discovery document, this PR exposes a dedicated well‑known endpoint for OAuth 2.0 metadata.

What this PR does / why we need it

  • Implements the endpoint /.well-known/oauth-authorization-server as specified in RFC 8414.
  • Introduces separate discovery structures for OIDC and OAuth2 to ensure correct metadata for each protocol.
  • Adds full test coverage for both discovery endpoints.

This feature enables better interoperability with systems and MCPs that rely on OAuth 2.0 Authorization Server Metadata, making Dex more compliant with modern standards and forward‑looking integrations.

Related issue:

  • #4444

johnvan7 avatar Dec 12 '25 13:12 johnvan7

@johnvan7 looks reasonable. Can you squash the commits into 1? At a minimum things won't compile until all the commits are together. The last one could be split off if we really wanted but practically I don't think it makes sense.

cardoe avatar Dec 12 '25 17:12 cardoe

@cardoe Thanks for your advice, I did the squash in one commit.

johnvan7 avatar Dec 12 '25 21:12 johnvan7