diff --git a/src/wellknown.js b/src/wellknown.js
index 34592097c..afe7015aa 100644
--- a/src/wellknown.js
+++ b/src/wellknown.js
@@ -6,11 +6,14 @@ exports = module.exports = {
 
 const assert = require('assert'),
     BoxError = require('./boxerror.js'),
+    constants = require('./constants.js'),
     domains = require('./domains.js'),
     ejs = require('ejs'),
     fs = require('fs'),
     mail = require('./mail.js'),
-    settings = require('./settings.js');
+    safe = require('safetydance'),
+    settings = require('./settings.js'),
+    superagent = require('superagent');
 
 const MAIL_AUTOCONFIG_EJS = fs.readFileSync(__dirname + '/autoconfig.xml.ejs', { encoding: 'utf8' });
 
@@ -35,6 +38,13 @@ async function get(domain, location) {
         if (!domainObject.wellKnown || !(location in domainObject.wellKnown)) throw new BoxError(BoxError.NOT_FOUND, 'No custom well-known config');
 
         return { type, body: domainObject.wellKnown[location] };
+    } else if (location === 'openid-configuration') {
+        // the oidc-provider module does not expose this in javascript but only via a route handler
+        // we have to use the external route even
+        const [error, result] = await safe(superagent.get(`https://${settings.dashboardFqdn()}/api/v1/oidc/.well-known/openid-configuration`));
+        if (error) return new BoxError(BoxError.INTERNAL_ERROR, 'unable to connect to internal OpenID routes');
+
+        return { type: 'application/json', body: result.body };
     } else {
         throw new BoxError(BoxError.NOT_FOUND, 'No custom well-known config');
     }