WebFinger support for OIDC

If I understand https://www.rfc-editor.org/rfc/rfc7033#section-3.1 correctly, a service can take an email and just craft the well-known URL from the domain. It doesn't matter what's hosted where. I was working on getting Tailscale to authenticate against Cloudron's OIDC (https://tailscale.com/kb/1240/sso-custom-oidc).

The email for my domain is hosted at Fastmail, but the website is on Cloudron. I was able to set up a quick LAMP app at the root domain on Cloudron and have it respond to the webfinger request. Tailscale then picked it up and allowed me to authenticate properly.

Having it in the well-known-locations dialog would certainly have been easier.

Nextcloud and Markdown have been my primary note-taking system for the last three years.

https://lifemeetscode.com/blog/taking-notes-with-nextcloud-qownnotes-and-notebooks

Hello,
I have been looking through the docs, but haven't found a definitive answer on this. I have successfully connected an app to Cloudron's OIDC Provider, but some services want to start with looking up the WebFinger first. Is WebFinger discovery implemented and just not documented. If not, is it planned for a future release?

Thanks!

@girish yes, from when I actually had time to write lol.

Can you look at the app’s logs and provide more information on the error?