diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index b9aab8972bdc0cb3daae813d43aed1bb91e3bb58..eb14b5a682b8b722ed37b38ee42fe351b2259743 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -125,7 +125,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         service = self.service
         return {
             'key': service.config["jwt_key"], 'alg': service.config["jwt_alg"],
-            'iss': flask.url_for("sso.oidc_token", service_uuid=service.uuid, _external=True),
+            'iss': flask.url_for("sso.oidc_issuer", service_uuid=service.uuid, _external=True),
             'exp': 3600,
         }
 
@@ -178,7 +178,7 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         """
         uuid = self.service.uuid
         return flask.jsonify({
-            "issuer": flask.url_for("sso.oidc_token", service_uuid=uuid, _external=True),
+            "issuer": flask.url_for("sso.oidc_issuer", service_uuid=uuid, _external=True),
             "authorization_endpoint": flask.url_for("sso.oidc_authorize", service_uuid=uuid, _external=True),
             "token_endpoint": flask.url_for("sso.oidc_token", service_uuid=uuid, _external=True),
             "userinfo_endpoint": flask.url_for("sso.oidc_userinfo", service_uuid=uuid, _external=True),
@@ -193,6 +193,11 @@ class Client(sqla_oauth2.OAuth2ClientMixin):
         return flask.jsonify({"keys": [self.service.config["jwt_public_key"]]})
 
 
+@blueprint.route("/oidc/<service_uuid>")
+def oidc_issuer(service_uuid):
+    return flask.redirect(".oidc_discovery", service_uuid)
+
+
 @blueprint.route("/oidc/authorize/<service_uuid>", methods=["GET", "POST"])
 @blueprint.route("/oidc/<service_uuid>/authorize", methods=["GET", "POST"])
 @security.authentication_required()