A general question about using (OIDC) discovery documents (like

<https://YOUR_DOMAIN/.well-known/openid-configuration>

) came up at work: Should clients fetch discover documents for each authentication request or just once when configuring the client for the first time?

I guess this should be done for each authentication request or at application startup. By doing this the client stays flexible to changes to the authorization server - no hard coded uris (except the well known endpoint).