- Type: Task
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: None
- Server Security
- Minor Change
- v8.0, v7.0
- Security 2024-05-13, Security 2024-05-27, Security 2024-06-10
When loading a new OIDC identity provider configuration, the server contacts the issuer's well-known URI to retrieve the discovery document. The discovery document may contain several endpoints, such as authorization_endpoint, issuer, token_endpoint, device_authorization_endpoint, and jwks_uri. Of these, the server only directly uses issuer and jwks_uri, but it currently asserts that every one of these endpoints is a URL starting with https://.
Some IdPs supply URNs or other formats for the endpoints it does not use, and the configuration is then rejected. The server should relax its validation so that the https:// requirement is enforced only for the endpoints it actually dereferences (issuer and jwks_uri) and other well-formed values are accepted for the remaining endpoints.
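The validation change described above, as an added illustration in Python; this is not the server's own code, and the discovery documents and the URN value in it are constructed for the example. It keeps a strict checker that mirrors the current behaviour (every endpoint must be https) next to a relaxed checker that requires https only for issuer and jwks_uri, the two values the server dereferences, and additionally checks that the document's issuer matches the issuer the document was fetched for, as OIDC Discovery requires. Which alternative formats to admit for the unused endpoints is a policy choice; accepting https URLs or RFC 8141 URNs is an assumption made here.

```python
"""Validate an OIDC discovery document, requiring https only where the
relying party actually dereferences the value (issuer and jwks_uri)."""
from urllib.parse import urlsplit

# Endpoints the server fetches itself. These must be https: a plaintext or
# attacker-controlled jwks_uri would let an attacker supply the signing keys
# used to verify ID tokens.
DEREFERENCED_FIELDS = ("issuer", "jwks_uri")

# Endpoints the server records but never contacts.
INFORMATIONAL_FIELDS = (
    "authorization_endpoint",
    "token_endpoint",
    "device_authorization_endpoint",
)


def is_https_url(value):
    """True for an absolute https URL with a host and no fragment."""
    if not isinstance(value, str):
        return False
    parts = urlsplit(value)
    return parts.scheme == "https" and bool(parts.netloc) and not parts.fragment


def is_urn(value):
    """True for a syntactically plausible RFC 8141 URN: urn:<NID>:<NSS>."""
    if not isinstance(value, str):
        return False
    parts = value.split(":", 2)
    return len(parts) == 3 and parts[0].lower() == "urn" and bool(parts[1]) and bool(parts[2])


def validate_discovery_document_strict(doc):
    """Current behaviour: every known endpoint must be an https URL."""
    errors = []
    for field in DEREFERENCED_FIELDS + INFORMATIONAL_FIELDS:
        if field in doc and not is_https_url(doc[field]):
            errors.append(f"{field}: not an https URL: {doc[field]!r}")
    return errors


def validate_discovery_document(doc, expected_issuer):
    """Relaxed behaviour: https is mandatory only for dereferenced endpoints.

    expected_issuer is the issuer URL whose well-known URI was fetched.
    Returns a list of error strings; an empty list means the document is acceptable.
    """
    errors = []
    for field in DEREFERENCED_FIELDS:
        if field not in doc:
            errors.append(f"{field}: missing")
        elif not is_https_url(doc[field]):
            errors.append(f"{field}: must be an https URL, got {doc[field]!r}")

    # OIDC Discovery section 4.3: the issuer in the document must be identical to
    # the issuer used to locate it. A trailing slash is tolerated here (assumption).
    if isinstance(doc.get("issuer"), str) and doc["issuer"].rstrip("/") != expected_issuer.rstrip("/"):
        errors.append(f"issuer: {doc['issuer']!r} does not match configured issuer {expected_issuer!r}")

    for field in INFORMATIONAL_FIELDS:
        if field not in doc:
            continue
        value = doc[field]
        if not isinstance(value, str) or not value:
            errors.append(f"{field}: must be a non-empty string")
        elif not (is_https_url(value) or is_urn(value)):
            errors.append(f"{field}: expected an https URL or a URN, got {value!r}")
    return errors


# Constructed sample documents; no real IdP is represented.
STANDARD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "device_authorization_endpoint": "https://idp.example.com/device",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
}
# A provider that publishes a URN (constructed value) for an endpoint the server never calls.
URN_DOC = dict(STANDARD_DOC, device_authorization_endpoint="urn:example:idp:device")
# A document whose key set would be fetched over plaintext: must still be rejected.
BAD_JWKS_DOC = dict(STANDARD_DOC, jwks_uri="http://idp.example.com/jwks.json")


if __name__ == "__main__":
    print("strict, URN doc:", validate_discovery_document_strict(URN_DOC))
    print("relaxed, URN doc:", validate_discovery_document(URN_DOC, "https://idp.example.com"))
    print("relaxed, bad jwks:", validate_discovery_document(BAD_JWKS_DOC, "https://idp.example.com"))
```

The strict checker rejects the URN document outright, which is the failure the ticket describes; the relaxed checker accepts it while still refusing a non-https jwks_uri and a document whose issuer does not match the configured one.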