It's sometimes useful to be able to tweak individual endpoints for the OpenID Connect auth provider, for example to add additional parameters to the "authentication" API. One example is for Google, which specifies a prompt parameter telling Google to let the user pick between one of their accounts.

Currently the only way for an admin to add these parameters is by disabling discovery and manually configuring all of the OAuth2 endpoints. I think we should reverse this and make configured endpoints override any discovered ones.