diff --git a/matrix-authentication-service/src/handlers/mod.rs b/matrix-authentication-service/src/handlers/mod.rs
index a8ad6b1ee..fb52ec5a1 100644
--- a/matrix-authentication-service/src/handlers/mod.rs
+++ b/matrix-authentication-service/src/handlers/mod.rs
@@ -106,13 +106,23 @@ impl Middleware<State> for BrowserErrorHandler {
 pub fn install(app: &mut Server<State>) {
     let state = app.state().clone();
 
-    let cors = CorsMiddleware::new()
-        .allow_methods("GET, POST, OPTIONS".parse::<HeaderValue>().unwrap())
-        .allow_origin(Origin::from("*"))
-        .allow_credentials(false);
-
     app.at("/health").get(self::health::get);
 
+    app.at("/.well-known").nest({
+        let cors = CorsMiddleware::new()
+            .allow_methods("GET, POST, OPTIONS".parse::<HeaderValue>().unwrap())
+            .allow_origin(Origin::from("*"))
+            .allow_credentials(false);
+
+        let metadata_endpoint =
+            self::oauth2::discovery::MetadataEndpoint::from_config(&state.config().oauth2);
+
+        let mut wk = tide::new();
+        wk.with(cors);
+        wk.at("/openid-configuration").get(metadata_endpoint);
+        wk
+    });
+
     app.at("/").nest({
         let mut views = tide::with_state(state.clone());
         views.with(state.session_middleware());
@@ -132,12 +142,4 @@ pub fn install(app: &mut Server<State>) {
 
         views
     });
-
-    app.at("/.well-known").nest({
-        let mut wk = tide::with_state(state);
-        wk.with(cors);
-        wk.at("/openid-configuration")
-            .get(self::oauth2::discovery::get);
-        wk
-    });
 }
diff --git a/matrix-authentication-service/src/handlers/oauth2/discovery.rs b/matrix-authentication-service/src/handlers/oauth2/discovery.rs
index 6ade8b7f3..f5a55bbd5 100644
--- a/matrix-authentication-service/src/handlers/oauth2/discovery.rs
+++ b/matrix-authentication-service/src/handlers/oauth2/discovery.rs
@@ -12,26 +12,41 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+use async_trait::async_trait;
 use oauth2_types::oidc::Metadata;
-use tide::{Body, Request, Response};
+use tide::{Body, Endpoint, Request, Response};
 
-use crate::state::State;
+use crate::config::OAuth2Config;
 
-pub async fn get(req: Request<State>) -> tide::Result {
-    let state = req.state();
-    let m = Metadata {
-        issuer: state.issuer(),
-        authorization_endpoint: state.authorization_endpoint(),
-        token_endpoint: state.token_endpoint(),
-        jwks_uri: state.jwks_uri(),
-        registration_endpoint: None,
-        scopes_supported: None,
-        response_types_supported: None,
-        response_modes_supported: None,
-        grant_types_supported: None,
-    };
+pub struct MetadataEndpoint(Metadata);
 
-    let body = Body::from_json(&m)?;
-
-    Ok(Response::builder(200).body(body).build())
+impl MetadataEndpoint {
+    pub fn from_config(config: &OAuth2Config) -> Self {
+        let base = config.issuer.clone();
+        MetadataEndpoint(Metadata {
+            authorization_endpoint: base.join("oauth2/authorize").ok(),
+            token_endpoint: base.join("oauth2/token").ok(),
+            jwks_uri: base.join(".well-known/jwks.json").ok(),
+            issuer: base,
+            registration_endpoint: None,
+            scopes_supported: None,
+            response_types_supported: None,
+            response_modes_supported: None,
+            grant_types_supported: None,
+        })
+    }
+}
+
+#[async_trait]
+impl<State> Endpoint<State> for MetadataEndpoint
+where
+    State: Clone + Sync + Send + 'static,
+{
+    async fn call(&self, _req: Request<State>) -> tide::Result {
+        let body = Body::from_json(&self.0)?;
+        Ok(Response::builder(200)
+            .body(body)
+            .content_type(tide::http::mime::JSON)
+            .build())
+    }
 }
diff --git a/matrix-authentication-service/src/state.rs b/matrix-authentication-service/src/state.rs
index 1a4a61e39..123b48268 100644
--- a/matrix-authentication-service/src/state.rs
+++ b/matrix-authentication-service/src/state.rs
@@ -17,7 +17,6 @@ use std::sync::Arc;
 use sqlx::PgPool;
 use tera::Tera;
 use tide::Middleware;
-use url::Url;
 
 use crate::{config::RootConfig, storage::Storage};
 
@@ -64,24 +63,4 @@ impl State {
     pub fn csrf_middleware(&self) -> impl Middleware<Self> {
         self.config.csrf.clone().into_middleware()
     }
-
-    fn base(&self) -> Url {
-        self.config.oauth2.issuer.clone()
-    }
-
-    pub fn issuer(&self) -> Url {
-        self.base()
-    }
-
-    pub fn authorization_endpoint(&self) -> Option<Url> {
-        self.base().join("oauth2/authorize").ok()
-    }
-
-    pub fn token_endpoint(&self) -> Option<Url> {
-        self.base().join("oauth2/token").ok()
-    }
-
-    pub fn jwks_uri(&self) -> Option<Url> {
-        self.base().join(".well-known/jwks.json").ok()
-    }
 }