diff --git a/src/lib/i18n/en/admin.json b/src/lib/i18n/en/admin.json
index c2bc260..987ccac 100644
--- a/src/lib/i18n/en/admin.json
+++ b/src/lib/i18n/en/admin.json
@@ -37,7 +37,7 @@
 "reveal": "Reveal secret",
 "regenerate": "Regenerate secret",
 "activated": "Activated",
- "verified": "Verified",
+ "verified": "Official",
 "scopes": "Available scopes",
 "scopesHint": "The level of access to information you will be needing for this application.",
 "grants": "Available grant types",
diff --git a/src/params/wellKnown.ts b/src/params/wellKnown.ts
new file mode 100644
index 0000000..2e2a593
--- /dev/null
+++ b/src/params/wellKnown.ts
@@ -0,0 +1,6 @@
+import type { ParamMatcher } from '@sveltejs/kit';
+
+export const match: ParamMatcher = (param) => {
+ const isWellKnownPath = /^\.well-known$/i.test(param);
+ return isWellKnownPath;
+};
diff --git a/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts b/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
new file mode 100644
index 0000000..ba6cdfb
--- /dev/null
+++ b/src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts
@@ -0,0 +1,13 @@
+import { JWT_ALGORITHM } from '$env/static/private';
+import { ApiUtils } from '$lib/server/api-utils';
+import { JWT } from '$lib/server/jwt';
+import { exportJWK } from 'jose';
+import { v4 as uuidv4 } from 'uuid';
+
+const jwks = await exportJWK(JWT.publicKey);
+const kid = uuidv4({ random: Buffer.from(jwks.n as string).subarray(0, 16) });
+
+export const GET = async () =>
+ ApiUtils.json({
+ keys: [{ alg: JWT_ALGORITHM, kid, ...jwks, use: 'sig' }]
+ });
diff --git a/src/routes/[...wellKnown=wellKnown]/openid-configuration/+server.ts b/src/routes/[...wellKnown=wellKnown]/openid-configuration/+server.ts
new file mode 100644
index 0000000..727e824
--- /dev/null
+++ b/src/routes/[...wellKnown=wellKnown]/openid-configuration/+server.ts
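Review bot: The matcher in src/params/wellKnown.ts accepts any casing of `.well-known` because of the `i` flag, while discovery clients only ever request the lowercase path defined by RFC 8615, so the flag is either deliberate leniency that deserves a comment or can simply be dropped. The `isWellKnownPath` local only names the result of the test and can be inlined: `export const match: ParamMatcher = (param) => /^\.well-known$/i.test(param);`. Because the route is a rest parameter, the anchored pattern also rejects an empty segment, which keeps `jwks.json` and `openid-configuration` reachable only under `/.well-known/`; a one-line comment stating that intent would spare the next reader from re-deriving it.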
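Review bot: In src/routes/[...wellKnown=wellKnown]/jwks.json/+server.ts the `jwks.n as string` assertion hides that `n` only exists for RSA keys; if `JWT.publicKey` is ever an EC or OKP key (JWT_ALGORITHM is configurable, so this is plausible), `exportJWK` returns no `n`, `Buffer.from(undefined)` throws, and because this runs at module top level the whole route fails to load. Deriving the kid from the RFC 7638 thumbprint works for every key type and needs no uuid dependency: `import { calculateJwkThumbprint, exportJWK } from 'jose';` and `const kid = await calculateJwkThumbprint(jwks);`. Note also that `...jwks` publishes whatever `exportJWK` returned; presumably `JWT.publicKey` holds only the public half, but a guard such as `if ('d' in jwks) throw new Error('JWT.publicKey must be a public key');` before the export makes that invariant explicit rather than assumed.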
@@ -0,0 +1,33 @@
+import { JWT_ALGORITHM, JWT_ISSUER } from '$env/static/private';
+import { PUBLIC_URL } from '$env/static/public';
+import { ApiUtils } from '$lib/server/api-utils';
+
+export const GET = async () =>
+ ApiUtils.json({
+ issuer: JWT_ISSUER,
+ authorization_endpoint: `${PUBLIC_URL}/oauth2/authorize`,
+ token_endpoint: `${PUBLIC_URL}/oauth2/token`,
+ jwks_uri: `${PUBLIC_URL}/.well-known/jwks.json`,
+ userinfo_endpoint: `${PUBLIC_URL}/api/user`,
+ introspection_endpoint: `${PUBLIC_URL}/oauth2/introspect`,
+ response_types_supported: ['code', 'id_token'],
+ id_token_signing_alg_values_supported: [JWT_ALGORITHM],
+ subject_types_supported: ['public'],
+ scopes_supported: ['openid', 'profile', 'picture', 'email'],
+ claims_supported: [
+ 'aud',
+ 'exp',
+ 'iat',
+ 'iss',
+ 'sub',
+ 'name',
+ 'preferred_username',
+ 'nickname',
+ 'picture',
+ 'updated_at',
+ 'email',
+ 'email_verified'
+ ],
+ code_challenge_methods_supported: ['plain', 'S256'],
+ grant_types_supported: ['authorization_code', 'refresh_token']
+ });
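Review bot: `code_challenge_methods_supported` advertises `'plain'` next to `'S256'`; since the client chooses the method, listing it steers clients toward the variant RFC 7636 only allows when S256 is unavailable, so unless a known client depends on it the line should read `code_challenge_methods_supported: ['S256'],`. `response_types_supported` includes `'id_token'` while `grant_types_supported` omits `implicit`, which is internally inconsistent: either the implicit response type is advertised without a grant to back it, or the grant list is incomplete, and one of those two lines should change. Separately, `issuer` comes from `JWT_ISSUER` while every endpoint is built from `PUBLIC_URL`; clients that validate the discovery document require the issuer to equal the prefix they fetched it from, so if those two values can diverge a startup check (or deriving one from the other) would prevent a hard-to-diagnose rejection.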