@@ -2,6 +2,7 @@ package server
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"mime"
 	"net"
@@ -15,6 +16,7 @@
 	cfg "website/internal/config"
 	"website/internal/log"
 
+	"github.com/benpate/digit"
 	"github.com/getsentry/sentry-go"
 	sentryhttp "github.com/getsentry/sentry-go/http"
 	"github.com/pkg/errors"
@@ -159,7 +161,33 @@
 	top := http.NewServeMux()
 	mux := http.NewServeMux()
 	log.Debug("binding main handler to", "host", runtimeConfig.BaseURL.Hostname()+"/")
-	mux.Handle(runtimeConfig.BaseURL.Hostname()+"/", webHandler(serveFile))
+	hostname := runtimeConfig.BaseURL.Hostname()
+	mux.Handle(hostname+"/", webHandler(serveFile))
+
+	var acctResource = "acct:" + config.Email
+	me := digit.NewResource(acctResource).
+		Link("http://openid.net/specs/connect/1.0/issuer", "", config.OIDCHost.String())
+	mux.HandleFunc(hostname+"/.well-known/webfinger", func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Query().Get("resource") == acctResource {
+			obj, err := json.Marshal(me)
+			if err != nil {
+				http.Error(
+					w,
+					http.StatusText(http.StatusInternalServerError),
+					http.StatusInternalServerError,
+				)
+
+				return
+			}
+
+			w.Header().Add("Content-Type", "application/jrd+json")
+			w.Header().Add("Access-Control-Allow-Origin", "*")
+			_, err = w.Write(obj)
+			if err != nil {
+				log.Warn("error writing webfinger request", "error", err)
+			}
+		}
+	})
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		newURL := runtimeConfig.BaseURL.String() + r.URL.String()