diff --git a/src/constants.ts b/src/constants.ts
index c4e8fd452..c0d8880e3 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -32,6 +32,7 @@ export const INTERNAL_LOGS_PATH = '/internal-logs';
 export const LOGS_PATH = '/logs';
 export const PUSH_PATH = '/push';
 export const PING_PATH = '/ping';
+export const WELL_KNOWN_PATH = '/.well-known';
 export const PROXY_PATH = '/proxy';
 export const EXTENSIONS_PATH = '/extensions';
 // Remember we end up in the build/* directory so these paths looks slightly
diff --git a/src/controllers/well-known_controller.ts b/src/controllers/well-known_controller.ts
new file mode 100644
index 000000000..bc346e4af
--- /dev/null
+++ b/src/controllers/well-known_controller.ts
@@ -0,0 +1,30 @@
+/**
+ * Well-Known Controller
+ *
+ * Handles HTTP requests to /.well-known
+ */
+
+import express from 'express';
+import * as Constants from '../constants';
+
+function build(): express.Router {
+  const controller = express.Router();
+
+  /**
+   * OAuth 2.0 Authorization Server Metadata (RFC 8414)
+   */
+  controller.get('/oauth-authorization-server', (request, response) => {
+    const origin = request.protocol + '://' + request.headers.host;
+    response.json({
+      'issuer': origin,
+      'authorization_endpoint': origin + Constants.OAUTH_PATH + '/authorize',
+      'token_endpoint': origin + Constants.OAUTH_PATH + '/token',
+      'response_types_supported': ['code']
+      //TODO: Consider adding scopes_supported with a dynamically generated list
+    });
+  });
+
+  return controller;
+}
+
+export default build;
diff --git a/src/router.ts b/src/router.ts
index 5c640dff7..335f1152b 100644
--- a/src/router.ts
+++ b/src/router.ts
@@ -30,6 +30,7 @@ import NotifiersController from './controllers/notifiers_controller';
 import OAuthClientsController from './controllers/oauthclients_controller';
 import OAuthController from './controllers/oauth_controller';
 import PingController from './controllers/ping_controller';
+import WellKnownController from './controllers/well-known_controller';
 import ProxyController, { WithProxyMethods } from './controllers/proxy_controller';
 import PushController from './controllers/push_controller';
 import RootController from './controllers/root_controller';
@@ -155,6 +156,7 @@ class Router {
     app.use(API_PREFIX + Constants.SETTINGS_PATH, nocache, SettingsController());
     app.use(API_PREFIX + Constants.USERS_PATH, nocache, UsersController());
     app.use(API_PREFIX + Constants.PING_PATH, nocache, PingController());
+    app.use(API_PREFIX + Constants.WELL_KNOWN_PATH, nocache, WellKnownController());
 
     // Authenticated API routes
     app.use(API_PREFIX + Constants.THINGS_PATH, nocache, auth, ThingsController());