diff --git a/app/controllers/openid_connect/discovery_controller.rb b/app/controllers/openid_connect/discovery_controller.rb
index e9b0a80b5..020c05c2f 100644
--- a/app/controllers/openid_connect/discovery_controller.rb
+++ b/app/controllers/openid_connect/discovery_controller.rb
@@ -1,45 +1,32 @@
-class DiscoveryController < ApplicationController
- def show
- case params[:id]
- when "webfinger"
- webfinger_discovery
- when "openid-configuration"
- openid_configuration
- else
- raise HttpError::NotFound
+module OpenidConnect
+ class DiscoveryController < ApplicationController
+ def webfinger
+ jrd = {
+ links: [{
+ rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
+ href: File.join(root_url, "openid_connect")
+ }]
+ }
+ jrd[:subject] = params[:resource] if params[:resource].present?
+ render json: jrd, content_type: "application/jrd+json"
+ end
+
+ def configuration
+ render json: OpenIDConnect::Discovery::Provider::Config::Response.new(
+ issuer: root_url,
+ registration_endpoint: openid_connect_clients_url,
+ authorization_endpoint: new_openid_connect_authorization_url,
+ token_endpoint: openid_connect_access_tokens_url,
+ userinfo_endpoint: api_v0_user_url,
+ jwks_uri: "https://not_configured_yet.com", # TODO: File.join({new_openid_connect_authorization_path} + "/jwks.json"),
+ scopes_supported: Scope.pluck(:name),
+ response_types_supported: OAuthApplication.available_response_types,
+ request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
+ subject_types_supported: %w(public pairwise),
+ id_token_signing_alg_values_supported: %i(RS256),
+ token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
+ # TODO: claims_supported: ["sub", "iss", "name", "email"]
+ )
 end
 end
-
- private
-
- def webfinger_discovery
- jrd = {
- links: [{
- rel: OpenIDConnect::Discovery::Provider::Issuer::REL_VALUE,
- href: root_path
- }]
- }
- jrd[:subject] = params[:resource] if params[:resource].present?
- render json: jrd, content_type: "application/jrd+json"
- end
-
- def openid_configuration
- config = OpenIDConnect::Discovery::Provider::Config::Response.new(
- issuer: root_path,
- authorization_endpoint: "#{authorizations_url}/new",
- token_endpoint: access_tokens_url,
- userinfo_endpoint: user_info_url,
- jwks_uri: "#{authorizations_url}/jwks.json",
- registration_endpoint: "#{root_path}/connect",
- scopes_supported: "iss",
- response_types_supported: "Client.available_response_types",
- grant_types_supported: "Client.available_grant_types",
- request_object_signing_alg_values_supported: %i(HS256 HS384 HS512),
- subject_types_supported: %w(public pairwise),
- id_token_signing_alg_values_supported: %i(RS256),
- token_endpoint_auth_methods_supported: %w(client_secret_basic client_secret_post),
- claims_supported: %w(sub iss name email)
- )
- render json: config
- end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 8920ef42a..79021f7cd 100644
--- a/config/routes.rb
+++ b/config/routes.rb
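Review bot: `jwks_uri: "https://not_configured_yet.com"` in `configuration` advertises a key-set location on a host the issuer does not control, while `id_token_signing_alg_values_supported: %i(RS256)` tells relying parties to verify ID tokens with keys fetched from exactly that URL; until the JWKS endpoint exists the entry should be left out of the response rather than filled with a foreign placeholder, e.g. delete the `jwks_uri:` line and keep the TODO as a comment above it. A second inconsistency: `webfinger` returns `href: File.join(root_url, "openid_connect")` as the issuer location, but `configuration` returns `issuer: root_url`, and OpenID Connect Discovery requires the `issuer` in the metadata to equal the value the RP discovered, so an RP that validates this will reject the provider. Using `href: root_url` here (and updating the spec's expectation) or deriving `issuer` from the same base would make the two documents agree.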
@@ -238,12 +238,16 @@ Diaspora::Application.routes.draw do resources :clients, only: :create post "access_tokens", to: proc {|env| OpenidConnect::TokenEndpoint.new.call(env) } - # Authorization Servers MUST support the use of the HTTP GET and POST methods at the Authorization Endpoint (see http://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation). + # Authorization Servers MUST support the use of the HTTP GET and POST methods at the Authorization Endpoint + # See http://openid.net/specs/openid-connect-core-1_0.html#AuthResponseValidation resources :authorizations, only: %i(new create) post "authorizations/new", to: "authorizations#new" + + get ".well-known/webfinger", to: "discovery#webfinger" + get ".well-known/openid-configuration", to: "discovery#configuration" end api_version(module: "Api::V0", path: {value: "api/v0"}, default: true) do - match "user", to: "users#show", via: [:get, :post] + match "user", to: "users#show", via: %i(get post) end end
diff --git a/spec/controllers/openid_connect/discovery_controller_spec.rb b/spec/controllers/openid_connect/discovery_controller_spec.rb
new file mode 100644
index 000000000..6a30d9c32
--- /dev/null
+++ b/spec/controllers/openid_connect/discovery_controller_spec.rb
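Review bot: The two new `get ".well-known/..."` routes are declared inside a block that opens before this hunk; if that block is the `openid_connect` namespace (which is what would make `to: "discovery#webfinger"` resolve to `OpenidConnect::DiscoveryController`), the documents are served at `/openid_connect/.well-known/...`, whereas RFC 5785 well-known URIs are resolved at the host root and an RP given `issuer: root_url` will request `/.well-known/openid-configuration` there and get a 404. Declaring them at the top level of `routes.draw` with an explicit controller path, e.g. `get ".well-known/openid-configuration", to: "openid_connect/discovery#configuration"`, keeps them where clients look. The enclosing block starts outside the hunk, so the namespace is inferred from the context lines.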
@@ -0,0 +1,27 @@
+require "spec_helper"
+
+describe OpenidConnect::DiscoveryController, type: :controller do
+ describe "#webfinger" do
+ before do
+ get :webfinger, resource: "http://test.host/bob"
+ end
+
+ it "should return a url to the openid-configuration" do
+ json_body = JSON.parse(response.body)
+ expect(json_body["links"].first["href"]).to eq("http://test.host/openid_connect")
+ end
+
+ it "should return the resource in the subject" do
+ json_body = JSON.parse(response.body)
+ expect(json_body["subject"]).to eq("http://test.host/bob")
+ end
+ end
+
+ describe "#configuration" do
+ it "should have the issuer as the root url" do
+ get :configuration
+ json_body = JSON.parse(response.body)
+ expect(json_body["issuer"]).to eq("http://test.host/")
+ end
+ end
+end
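Review bot: The `#webfinger` examples only exercise the path where `resource` is given, because the `before` block always passes it, so the controller's `jrd[:subject] = params[:resource] if params[:resource].present?` guard is never checked on the omitted-parameter path; an example outside that `before` should pin that `subject` stays absent rather than becoming `null`. The `#configuration` example could also assert that `jwks_uri` is a URL on `test.host`, which would have flagged the placeholder value the controller currently serves. Style-wise, RSpec descriptions conventionally drop the leading "should" (`it "returns the resource in the subject"`).
```ruby
  describe "#webfinger" do
    # … unchanged: before block and the two existing examples …
  end

  context "#webfinger without a resource parameter" do
    it "omits the subject" do
      get :webfinger
      json_body = JSON.parse(response.body)
      expect(json_body).not_to have_key("subject")
    end
  end
```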