From d5ae4181aad2d33769cf33d6e391404e7b0f33ef Mon Sep 17 00:00:00 2001 From: Huskydog9988 <39809509+Huskydog9988@users.noreply.github.com> Date: Tue, 10 Feb 2026 21:23:30 -0500 Subject: [PATCH] advise people to use OIDC_WELLKNOWN --- docs/src/content/docs/admin/authentication/oidc.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/src/content/docs/admin/authentication/oidc.md b/docs/src/content/docs/admin/authentication/oidc.md index 78ba2f8b..d34e725c 100644 --- a/docs/src/content/docs/admin/authentication/oidc.md +++ b/docs/src/content/docs/admin/authentication/oidc.md @@ -8,7 +8,7 @@ OpenID Connect is a OAuth2 extension support by most identity providers. To configure OIDC, you must set the following environment variables: -| Variable | Usage | +| Variable | Description | | ------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------- | | `OIDC_CLIENT_ID` | Client ID from your identity provider. | | `OIDC_CLIENT_SECRET` | Client secret from your identity provider. | 
@@ -25,13 +25,19 @@ And then, you must configure **either**: #### Use `OIDC_WELLKNOWN` -A unprotected endpoint that returns a OIDC well-known JSON. Fetched on startup +A unprotected endpoint that returns a OIDC well-known JSON. Fetched on startup. + +For example if you used authentik, your OIDC well-known endpoint would be: `https://authentik.company/application/o//.well-known/openid-configuration`. --- #### Provide options individually -| Variable | Usage | +:::caution +Drop recommends using the OIDC well-known option **instead** of manually specifying each endpoint. This should only be used if your OIDC provider does not support the well-known format. +::: + +| Variable | Description | | -------------------- | ------------------------------------------------------------------------- | | `OIDC_AUTHORIZATION` | Authorization endpoint. Usually ends with `authorize`. | | `OIDC_TOKEN` | Token endpoint. Usually ends with `token`. |
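Review bot: In the first hunk (`@@ -8,7 +8,7 @@`), the `Usage` to `Description` header rename is not covered by the commit subject "advise people to use OIDC_WELLKNOWN"; mention it in the commit message or split it out so the table cleanup and the guidance change can be reviewed separately. While this part of the file is being edited, the context sentence "OpenID Connect is a OAuth2 extension support by most identity providers." could be corrected to "an OAuth2 extension supported by".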
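Review bot: In the second hunk (`@@ -25,13 +25,19 @@`), the added authentik example URL contains an empty path segment, `/application/o//.well-known/openid-configuration`, so anyone who copies it as written ends up with a URL that has nothing between the two slashes; if a per-application segment belongs there, write it as a visible placeholder and say what to substitute. The rewritten line still reads "A unprotected endpoint that returns a OIDC well-known JSON", and since it is being touched anyway, "An unprotected endpoint that returns an OIDC well-known JSON document" would fix the articles. In the `:::caution` block, "This should only be used" has no clear referent because the preceding sentence is about the well-known option; wording such as "Only set the individual variables below if your OIDC provider does not support the well-known format" removes the ambiguity.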