diff --git a/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java
new file mode 100644
index 00000000..b9a5cb32
--- /dev/null
+++ b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/request/OidcApplicationConfigurationRequest.java
@@ -0,0 +1,33 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.api.model.enrollment.request;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+/**
+ * Request object for OIDC application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@Data
+public class OidcApplicationConfigurationRequest {
+
+ @NotBlank
+ private String providerId;
+}
diff --git a/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java
new file mode 100644
index 00000000..eea61dac
--- /dev/null
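Review bot: `providerId` carries `@NotBlank` but no Javadoc, so an API consumer cannot tell from the model what the value identifies; a field comment such as `/** Identifier of the configured OIDC provider whose public client configuration is requested. Must not be blank. */` would close that gap. Keep in mind that `@NotBlank` by itself rejects nothing — it only takes effect where the consuming endpoint triggers Bean Validation on the request object, which is outside this hunk.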
+++ b/enrollment-server-api-model/src/main/java/com/wultra/app/enrollmentserver/api/model/enrollment/response/OidcApplicationConfigurationResponse.java
@@ -0,0 +1,42 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.api.model.enrollment.response;
+
+import lombok.Data;
+
+/**
+ * Response object for OIDC application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@Data
+public class OidcApplicationConfigurationResponse {
+
+ private String providerId;
+ private String clientId;
+ private String scopes;
+ private String authorizeUri;
+ private String redirectUri;
+
+ /**
+ * A hint for the mobile application whether to user PKCE.
+ * If set to {@code true}, {@code codeVerifier} must be present in identity attributes during create activation step.
+ */
+ private boolean pkceEnabled;
+
+}
diff --git a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java
new file mode 100644
index 00000000..47f3b686
--- /dev/null
+++ b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/controller/api/ApplicationConfigurationController.java
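Review bot: The `pkceEnabled` Javadoc has a typo, `whether to user PKCE` should read `whether to use PKCE`. The other five fields are undocumented although this DTO is exactly what the mobile client consumes; a one-line comment per field would help, e.g. `/** Public OAuth2 client identifier registered with the provider; no client secret is ever returned. */` on `clientId`. For `scopes` the separator format is not visible in this change, so confirm it against the source type before documenting it rather than guessing.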
@@ -0,0 +1,95 @@
+/*
+ * PowerAuth Enrollment Server
+ * Copyright (C) 2024 Wultra s.r.o.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package com.wultra.app.enrollmentserver.controller.api;
+
+import com.wultra.app.enrollmentserver.api.model.enrollment.request.OidcApplicationConfigurationRequest;
+import com.wultra.app.enrollmentserver.api.model.enrollment.response.OidcApplicationConfigurationResponse;
+import io.getlime.core.rest.model.base.response.ObjectResponse;
+import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody;
+import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption;
+import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionContext;
+import io.getlime.security.powerauth.rest.api.spring.encryption.EncryptionScope;
+import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException;
+import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfiguration;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcApplicationConfigurationService;
+import io.getlime.security.powerauth.rest.api.spring.service.oidc.OidcConfigurationQuery;
+import io.swagger.v3.oas.annotations.Operation;
+import 
io.swagger.v3.oas.annotations.Parameter;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Controller that provides application configuration.
+ *
+ * @author Lubos Racansky, lubos.racansky@wultra.com
+ */
+@RestController
+@RequestMapping("/api/config")
+@Slf4j
+@AllArgsConstructor
+public class ApplicationConfigurationController {
+
+ private OidcApplicationConfigurationService oidcApplicationConfigurationService;
+
+ /**
+ * Fetch OIDC application configuration.
+ *
+ * @param request Request OIDC application configuration.
+ * @param encryptionContext PowerAuth ECIES encryption context.
+ * @return OIDC application configuration.
+ * @throws PowerAuthApplicationConfigurationException In case there is an error while fetching claims.
+ * @throws PowerAuthEncryptionException In case of failed encryption.
+ */
+ @PowerAuthEncryption(scope = EncryptionScope.APPLICATION_SCOPE)
+ @PostMapping("oidc")
+ @Operation(
+ summary = "Fetch OIDC application configuration.",
+ description = "Fetch OIDC application configuration."
+ )
+ public ObjectResponse fetchOidcConfiguration(
+ @EncryptedRequestBody OidcApplicationConfigurationRequest request,
+ @Parameter(hidden = true) EncryptionContext encryptionContext) throws PowerAuthEncryptionException, PowerAuthApplicationConfigurationException {
+
+ if (encryptionContext == null) {
+ logger.error("Encryption failed");
+ throw new PowerAuthEncryptionException("Encryption failed");
+ }
+
+ final OidcApplicationConfiguration oidcApplicationConfiguration = oidcApplicationConfigurationService.fetchOidcApplicationConfiguration(OidcConfigurationQuery.builder()
+ .providerId(request.getProviderId())
+ .applicationKey(encryptionContext.getApplicationKey())
+ .build());
+ final OidcApplicationConfigurationResponse result = convert(oidcApplicationConfiguration);
+ return new ObjectResponse<>(result);
+ }
+
+ private static OidcApplicationConfigurationResponse convert(final OidcApplicationConfiguration source) {
+ final OidcApplicationConfigurationResponse target = new OidcApplicationConfigurationResponse();
+ target.setClientId(source.getClientId());
+ target.setAuthorizeUri(source.getAuthorizeUri());
+ target.setScopes(source.getScopes());
+ target.setRedirectUri(source.getRedirectUri());
+ target.setProviderId(source.getProviderId());
+ target.setPkceEnabled(source.isPkceEnabled());
+ return target;
+ }
+}
diff --git a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
index e85b9522..0caac97d 100644
--- a/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
+++ b/enrollment-server/src/main/java/com/wultra/app/enrollmentserver/errorhandling/DefaultExceptionHandler.java
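Review bot: `request.getProviderId()` goes straight into `OidcConfigurationQuery` without any check in `fetchOidcConfiguration`; the `@NotBlank` on the DTO only fires if the `@EncryptedRequestBody` resolver runs Bean Validation, which nothing in this hunk shows, so a null request or blank provider id reaches the service unvalidated. Add an explicit guard before the builder, e.g. `if (request == null || request.getProviderId() == null || request.getProviderId().isBlank()) { throw new PowerAuthApplicationConfigurationException("Missing providerId"); }` (assuming the exception has a String constructor like `PowerAuthEncryptionException` does here), or put `@Valid` on the parameter if the resolver honors it. The `@throws PowerAuthApplicationConfigurationException` Javadoc says "while fetching claims", which reads as a copy-paste from a claims endpoint; it should say `In case the OIDC application configuration cannot be fetched.` Because the endpoint runs in `APPLICATION_SCOPE`, anyone holding the application key can call it, so the explicit field-by-field copy in `convert` is what keeps provider secrets out of the wire format — worth pinning with a comment such as `// Copy fields explicitly: the response must never carry a client secret or other provider credentials.` so a later switch to a generic mapper does not silently widen it.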
@@ -20,6 +20,7 @@ import com.wultra.security.powerauth.lib.mtoken.model.enumeration.ErrorCode; import io.getlime.core.rest.model.base.response.ErrorResponse; +import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthApplicationConfigurationException; import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException; import lombok.extern.slf4j.Slf4j; import org.springframework.http.HttpStatus; @@ -147,6 +148,18 @@ public class DefaultExceptionHandler { return new ErrorResponse("ACTIVATION_CODE_FAILED", "Unable to fetch activation code."); } + /** + * Handling of application configuration exceptions. + * @param ex Exception. + * @return Response with error details. + */ + @ExceptionHandler(PowerAuthApplicationConfigurationException.class) + @ResponseStatus(HttpStatus.BAD_REQUEST) + public @ResponseBody ErrorResponse handleActivationCodeException(PowerAuthApplicationConfigurationException ex) { + logger.warn("Unable to fetch application configuration", ex); + return new ErrorResponse("APPLICATION_CONFIGURATION_ERROR", "Unable to fetch application configuration."); + } + /** * Handling of inbox exceptions. * @param ex Exception. diff --git a/pom.xml b/pom.xml index 66b87a95..3cb4b9c6 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.springframework.boot spring-boot-starter-parent - 3.3.2 + 3.3.3 @@ -88,11 +88,11 @@ - 7.7.0 + 7.8.0 - 5.14.0 + 5.16.0 4.0.0 - 2.2.22 + 2.2.23 2.6.0 1.4.4 @@ -101,7 +101,7 @@ 1.9.0-SNAPSHOT 1.9.0-SNAPSHOT - 7.4 + 8.0
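Review bot: The new handler in the `DefaultExceptionHandler` hunk is named `handleActivationCodeException` although it handles `PowerAuthApplicationConfigurationException`; it was evidently copied from the activation-code handler just above it and should be renamed `handleApplicationConfigurationException` to avoid an accidental overload of the existing method name and a misleading stack trace. Also reconsider `HttpStatus.BAD_REQUEST`: if this exception is also raised for a missing or broken server-side provider configuration (where the service throws it is not visible here), a 4xx blames the client for a deployment problem — confirm against the service before keeping 400 for every case. The pom.xml hunks are version bumps only.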