diff --git a/pkg/internal/http/api/index.go b/pkg/internal/http/api/index.go
index ce43ac2..4262c39 100644
--- a/pkg/internal/http/api/index.go
+++ b/pkg/internal/http/api/index.go
@@ -3,9 +3,12 @@ package api
 import (
 	pkg "git.solsynth.dev/hypernet/nexus/pkg/internal"
 	"git.solsynth.dev/hypernet/nexus/pkg/internal/auth"
+	"git.solsynth.dev/hypernet/nexus/pkg/internal/directory"
 	"git.solsynth.dev/hypernet/nexus/pkg/internal/http/ws"
+	"git.solsynth.dev/hypernet/nexus/pkg/nex"
 	"github.com/gofiber/contrib/websocket"
 	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/middleware/proxy"
 )
 
 func MapAPIs(app *fiber.App) {
@@ -21,6 +24,21 @@ func MapAPIs(app *fiber.App) {
 		})
 		wellKnown.Get("/check-ip", getClientIP)
 		wellKnown.Get("/directory/services", listExistsService)
+
+		wellKnown.Get("/openid-configuration", func(c *fiber.Ctx) error {
+			service := directory.GetServiceInstanceByType(nex.ServiceTypeAuth)
+			if service == nil || service.HttpAddr == nil {
+				return fiber.ErrNotFound
+			}
+			return proxy.Do(c, *service.HttpAddr+"/.well-known/openid-configuration")
+		})
+		wellKnown.Get("/jwks", func(c *fiber.Ctx) error {
+			service := directory.GetServiceInstanceByType(nex.ServiceTypeAuth)
+			if service == nil || service.HttpAddr == nil {
+				return fiber.ErrNotFound
+			}
+			return proxy.Do(c, *service.HttpAddr+"/.well-known/jwks")
+		})
 	}
 
 	// Common websocket gateway