diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 18f69a71461ffd5d0623be0814ced45f91fbfeeb..67b99e8fc488514d6c558b597a8619940caf37c8 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -205,6 +205,7 @@ Fixed
 * Due to a merge error, the once removed account menu in the sidenav appeared again.
 * Scheduled notifications were shown on dashboard before time.
 * Remove broken notifications menu item in favor of item next to account menu.
+* Serve OAuth discovery information under root of domain
 * [OAuth2] Resources which are protected with client credentials
   allowed access if no scopes were allowed (CVE-2022-29773).
 * The site logo could overlap with the menu for logos with an unexpected aspect ratio.
diff --git a/aleksis/core/settings.py b/aleksis/core/settings.py
index 842583fe2b880c6bf98ab89dbdb96b461f8ac574..c8c81525bc32b3ff91c3301328c7002b04fc12ed 100644
--- a/aleksis/core/settings.py
+++ b/aleksis/core/settings.py
@@ -390,6 +390,7 @@ OAUTH2_PROVIDER = {
     "SCOPES_BACKEND_CLASS": "aleksis.core.util.auth_helpers.AppScopes",
     "OAUTH2_VALIDATOR_CLASS": "aleksis.core.util.auth_helpers.CustomOAuth2Validator",
     "OIDC_ENABLED": True,
+    "OIDC_ISS_ENDPOINT": BASE_URL,
     "REFRESH_TOKEN_EXPIRE_SECONDS": _settings.get("oauth2.token_expiry", 86400),
     "PKCE_REQUIRED": False,
 }
diff --git a/aleksis/core/urls.py b/aleksis/core/urls.py
index 035fe1610a41c842e4a516a6d40aaa492dde474c..5f4fff856c660e6168a611ed2bb06e98405a32e6 100644
--- a/aleksis/core/urls.py
+++ b/aleksis/core/urls.py
@@ -25,6 +25,12 @@ urlpatterns = [
     path("__icons__/", include("dj_iconify.urls")),
     path("graphql/", csrf_exempt(GraphQLView.as_view(graphiql=True)), name="graphql"),
     path("logo", views.LogoView.as_view(), name="logo"),
+    path(
+        ".well-known/openid-configuration/",
+        ConnectDiscoveryInfoView.as_view(),
+        name="oidc_configuration",
+    ),
+    path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
     path(
         "django/",
         include(
@@ -160,11 +166,6 @@ urlpatterns = [
                 path("search/", views.PermissionSearchView.as_view(), name="haystack_search"),
                 path("maintenance-mode/", include("maintenance_mode.urls")),
                 path("impersonate/", include("impersonate.urls")),
-                path(
-                    ".well-known/openid-configuration/",
-                    ConnectDiscoveryInfoView.as_view(),
-                    name="oidc_configuration",
-                ),
                 path(
                     "oauth/applications/",
                     views.OAuth2ListView.as_view(),
@@ -195,7 +196,7 @@ urlpatterns = [
                     views.CustomAuthorizationView.as_view(),
                     name="oauth2_provider:authorize",
                 ),
-                path("oauth/", include("oauth2_provider.urls", namespace="oauth2_provider")),
+
                 path("__i18n__/", include("django.conf.urls.i18n")),
                 path(
                     "ckeditor/upload/",