As an OpenID Connect client, I should be able to discover the details necessary to interact with a provider.
The OIDC provider should provide its configuration details at /.well-known/openid-configuration.
The configuration response should follow the spec at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig.
Services should read/cache the OIDC configuration at startup, and fail to start if the configuration cannot be read.
Services should periodically retrieve/cache the OIDC configuration.
Services should have a management command allowing a manual refresh of OIDC configuration.
DevOps: configuration, new repo (maybe)
While we are phasing out OpenID Connect, we can still make use of this discovery/well-known endpoint functionality.
can we groom this?