diff --git a/authz/authz.go b/authz/authz.go index 1e27d267..ea9fd134 100644 --- a/authz/authz.go +++ b/authz/authz.go @@ -93,6 +93,7 @@ p, *, *, POST, /api/send-verification-code, *, * p, *, *, GET, /api/get-human-check, *, * p, *, *, POST, /api/reset-email-or-phone, *, * p, *, *, POST, /api/upload-resource, *, * +p, *, *, GET, /.well-known/openid-configuration, *, * ` sa := stringadapter.NewAdapter(ruleText) diff --git a/controllers/oidc_discovery.go b/controllers/oidc_discovery.go new file mode 100644 index 00000000..560df801 --- /dev/null +++ b/controllers/oidc_discovery.go @@ -0,0 +1,22 @@ +// Copyright 2021 The casbin Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package controllers + +import "github.com/casbin/casdoor/object" + +func (c *ApiController) GetOidcDiscovery() { + c.Data["json"] = object.GetOidcDiscovery() + c.ServeJSON() +} diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go new file mode 100644 index 00000000..bcd2d0e6 --- /dev/null +++ b/object/oidc_discovery.go 
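Review bot: The exported handler `GetOidcDiscovery` in controllers/oidc_discovery.go has no doc comment, and nothing at the definition says that it is reachable without authentication (the authz hunk of this commit adds `p, *, *, GET, /.well-known/openid-configuration, *, *`). I would add `// GetOidcDiscovery serves the OpenID Connect discovery document as JSON. The route is open to anonymous callers, so it must only return public metadata.` above the method.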
@@ -0,0 +1,53 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+type OidcDiscovery struct {
+ Issuer string `json:"issuer"`
+ AuthorizationEndpoint string `json:"authorization_endpoint"`
+ JwksUri string `json:"jwks_uri"`
+ ResponseTypesSupported []string `json:"response_types_supported"`
+ ResponseModesSupported []string `json:"response_modes_supported"`
+ GrantTypesSupported []string `json:"grant_types_supported"`
+ SubjectTypesSupported []string `json:"subject_types_supported"`
+ IdTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
+ ScopesSupported []string `json:"scopes_supported"`
+ ClaimsSupported []string `json:"claims_supported"`
+ RequestParameterSupported bool `json:"request_parameter_supported"`
+ RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
+}
+
+var oidcDiscovery OidcDiscovery
+
+func init() {
+ oidcDiscovery = OidcDiscovery{
+ Issuer: "",
+ AuthorizationEndpoint: "",
+ JwksUri: "",
+ ResponseTypesSupported: nil,
+ ResponseModesSupported: nil,
+ GrantTypesSupported: nil,
+ SubjectTypesSupported: nil,
+ IdTokenSigningAlgValuesSupported: nil,
+ ScopesSupported: nil,
+ ClaimsSupported: nil,
+ RequestParameterSupported: false,
+ RequestObjectSigningAlgValuesSupported: nil,
+ }
+}
+
+func GetOidcDiscovery() OidcDiscovery {
+ return oidcDiscovery
+}
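Review bot: Every field of `oidcDiscovery` is set to its zero value in `init()`, so the now-public `/.well-known/openid-configuration` route answers with `"issuer": ""` and `null` for each list. A relying party that checks the returned issuer against the URL it fetched the document from has nothing to match, and one that skips the check gets no usable endpoints. The struct also has no `token_endpoint` field, which OpenID Connect Discovery requires unless only the implicit flow is offered. I would fill the values from the server's configured origin (not from the request's Host header) before routing the endpoint. Until then I would drop the `init()` body, which is equivalent to the plain `var oidcDiscovery OidcDiscovery`, in favour of a comment such as `// TODO: populate from configuration; served unauthenticated`.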
diff --git a/routers/router.go b/routers/router.go index 0708a3b2..8a612ba0 100644 --- a/routers/router.go +++ b/routers/router.go @@ -108,4 +108,6 @@ func initAPI() { beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail") beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms") + + beego.Router("/.well-known/openid-configuration", &controllers.ApiController{}, "GET:GetOidcDiscovery") } diff --git a/routers/static_filter.go b/routers/static_filter.go index e048e35e..56da0855 100644 --- a/routers/static_filter.go +++ b/routers/static_filter.go @@ -24,7 +24,7 @@ import ( func StaticFilter(ctx *context.Context) { urlPath := ctx.Request.URL.Path - if strings.HasPrefix(urlPath, "/api/") { + if strings.HasPrefix(urlPath, "/api/") || strings.HasPrefix(urlPath, "/.well-known/") { return } diff --git a/web/src/App.js b/web/src/App.js index 89bf4988..5ffb3d4c 100644 --- a/web/src/App.js +++ b/web/src/App.js @@ -50,6 +50,7 @@ import AuthCallback from "./auth/AuthCallback"; import SelectLanguageBox from './SelectLanguageBox'; import i18next from 'i18next'; import PromptPage from "./auth/PromptPage"; +import OdicDiscoveryPage from "./auth/OidcDiscoveryPage"; const { Header, Footer } = Layout; @@ -355,7 +356,7 @@ class App extends Component { ); res.push(
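Review bot: The new condition in `StaticFilter` exempts every path under `/.well-known/`, while the router and authz hunks of this commit only know the single path `/.well-known/openid-configuration`. Any other `/.well-known/` file shipped with the static front end would, as far as the hunk shows, no longer be handled here and would fall through to the router. If only discovery is meant, compare exactly: `if strings.HasPrefix(urlPath, "/api/") || urlPath == "/.well-known/openid-configuration" {`; otherwise add a comment saying why the whole prefix is dynamic. The body of `StaticFilter` continues outside the hunk.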
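Review bot: The imported identifier in the first web/src/App.js hunk is spelled `OdicDiscoveryPage`, while the module is `./auth/OidcDiscoveryPage`; `import OidcDiscoveryPage from "./auth/OidcDiscoveryPage";` would keep the two aligned. The use site must carry the same spelling, and it is not visible here because the following hunk is cut off. The file `./auth/OidcDiscoveryPage` is also not among the files visible in this part of the diff, so confirm that it is part of the commit.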