Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

A general question about using (OIDC) discovery documents (like `<https://YOUR_DOMAIN/.well-known/openid-configuration>`) came up at work:
Should clients fetch discover documents for each authentication request or just once when configuring the client for the first time?

I guess this should be done for each authentication request or at application startup. By doing this the client stays flexible to changes to the authorization server - no hard coded uris (except the well known endpoint).