diff --git a/src/OrchardCore.Modules/OrchardCore.OpenId/Deployment/OpenIdServerDeploymentSource.cs b/src/OrchardCore.Modules/OrchardCore.OpenId/Deployment/OpenIdServerDeploymentSource.cs
index 12944593e28..89e95ff2bde 100644
--- a/src/OrchardCore.Modules/OrchardCore.OpenId/Deployment/OpenIdServerDeploymentSource.cs
+++ b/src/OrchardCore.Modules/OrchardCore.OpenId/Deployment/OpenIdServerDeploymentSource.cs
@@ -1,6 +1,7 @@
 using System.Threading.Tasks;
 using Newtonsoft.Json.Linq;
 using OrchardCore.Deployment;
+using OrchardCore.OpenId.Recipes;
 using OrchardCore.OpenId.Services;
 using OrchardCore.OpenId.Settings;
 
@@ -24,9 +25,41 @@ public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlan
 return;
 }
- var serverSettings = await _openIdServerService
+ var settings = await _openIdServerService
 .GetSettingsAsync();
+ var settingsModel = new OpenIdServerSettingsStepModel
+ {
+ AccessTokenFormat = settings.AccessTokenFormat,
+ Authority = settings.Authority?.AbsoluteUri,
+
+ EncryptionCertificateStoreLocation = settings.EncryptionCertificateStoreLocation,
+ EncryptionCertificateStoreName = settings.EncryptionCertificateStoreName,
+ EncryptionCertificateThumbprint = settings.EncryptionCertificateThumbprint,
+
+ SigningCertificateStoreLocation = settings.SigningCertificateStoreLocation,
+ SigningCertificateStoreName = settings.SigningCertificateStoreName,
+ SigningCertificateThumbprint = settings.SigningCertificateThumbprint,
+
+ // The recipe step only reads these flags, and uses constants for the paths.
+ // Conversely, we export true for endpoints with a path, false for those without.
+ EnableAuthorizationEndpoint = !string.IsNullOrWhiteSpace(settings.AuthorizationEndpointPath),
+ EnableLogoutEndpoint = !string.IsNullOrWhiteSpace(settings.LogoutEndpointPath),
+ EnableTokenEndpoint = !string.IsNullOrWhiteSpace(settings.TokenEndpointPath),
+ EnableUserInfoEndpoint = !string.IsNullOrWhiteSpace(settings.UserinfoEndpointPath),
+
+ AllowAuthorizationCodeFlow = settings.AllowAuthorizationCodeFlow,
+ AllowClientCredentialsFlow = settings.AllowClientCredentialsFlow,
+ AllowHybridFlow = settings.AllowHybridFlow,
+ AllowImplicitFlow = settings.AllowImplicitFlow,
+ AllowPasswordFlow = settings.AllowPasswordFlow,
+ AllowRefreshTokenFlow = settings.AllowRefreshTokenFlow,
+
+ DisableAccessTokenEncryption = settings.DisableAccessTokenEncryption,
+ DisableRollingRefreshTokens = settings.DisableRollingRefreshTokens,
+ UseReferenceAccessTokens = settings.UseReferenceAccessTokens,
+ };
+
 // Use nameof(OpenIdServerSettings) as name,
 // to match the recipe step.
 var obj = new JObject(
@@ -34,7 +67,7 @@ public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlan
 "name", nameof(OpenIdServerSettings)));
- obj.Merge(JObject.FromObject(serverSettings));
+ obj.Merge(JObject.FromObject(settingsModel));
 result.Steps.Add(obj);
 }
diff --git a/test/OrchardCore.Tests/Modules/OrchardCore.OpenId/OpenIdServerDeploymentSourceTests.cs b/test/OrchardCore.Tests/Modules/OrchardCore.OpenId/OpenIdServerDeploymentSourceTests.cs
index a7c6f848cb4..16b0cb2f25d 100644
--- a/test/OrchardCore.Tests/Modules/OrchardCore.OpenId/OpenIdServerDeploymentSourceTests.cs
+++ b/test/OrchardCore.Tests/Modules/OrchardCore.OpenId/OpenIdServerDeploymentSourceTests.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
 using Moq;
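Review bot: The endpoint mapping on the `Enable*Endpoint` lines is lossy: a tenant whose `AuthorizationEndpointPath` (or logout, token or userinfo path) is non-default is exported as `true` and, per the comment directly above those lines, re-imported with the recipe step's hard-coded path, so a deploy/import round trip silently rewrites the configured endpoint path. Nothing in the hunk surfaces this to the operator running the deployment. At minimum the comment should state the consequence, e.g. `// NOTE: custom endpoint paths are not preserved by the recipe format; any non-default path is re-imported as the recipe step's default path.`, and if this class has a logger available, a warning at export time when a configured path differs from the default would make the loss visible where it can still be acted on. ProcessDeploymentStepAsync begins before this hunk and its remaining lines are in the next hunk.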
@@ -17,13 +18,42 @@ namespace OrchardCore.Tests.Modules.OrchardCore.OpenId
 {
 public class OpenIdServerDeploymentSourceTests
 {
- private static OpenIdServerSettings CreateSettings(string authority, TokenFormat tokenFormat)
+ private static OpenIdServerSettings CreateSettings(string authority, TokenFormat tokenFormat, bool initializeAllProperties)
 {
- return new OpenIdServerSettings
+ var result = new OpenIdServerSettings
 {
 Authority = new Uri(authority),
 AccessTokenFormat = tokenFormat
 };
+
+ if (initializeAllProperties)
+ {
+ result.TokenEndpointPath = "/connect/token";
+ result.AuthorizationEndpointPath = "/connect/authorize";
+ result.LogoutEndpointPath = "/connect/logout";
+ result.UserinfoEndpointPath = "/connect/userinfo";
+
+ result.EncryptionCertificateStoreLocation = StoreLocation.LocalMachine;
+ result.EncryptionCertificateStoreName = StoreName.My;
+ result.EncryptionCertificateThumbprint = Guid.NewGuid().ToString();
+
+ result.SigningCertificateStoreLocation = StoreLocation.LocalMachine;
+ result.SigningCertificateStoreName = StoreName.My;
+ result.SigningCertificateThumbprint = Guid.NewGuid().ToString();
+
+ result.AllowAuthorizationCodeFlow = true;
+ result.AllowClientCredentialsFlow = true;
+ result.AllowHybridFlow = true;
+ result.AllowImplicitFlow = true;
+ result.AllowPasswordFlow = true;
+ result.AllowRefreshTokenFlow = true;
+
+ result.DisableAccessTokenEncryption = true;
+ result.DisableRollingRefreshTokens = true;
+ result.UseReferenceAccessTokens = true;
+ }
+
+ return result;
 }
 private static Mock CreateServerServiceWithSettingsMock(OpenIdServerSettings settings)
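Review bot: `CreateSettings` fills the two thumbprint properties with `Guid.NewGuid().ToString()`, which neither looks like a certificate thumbprint (a 40-character hex SHA-1 digest) nor is deterministic, so the fixture differs on every run and would start failing for the wrong reason if the settings class or the recipe step ever validates thumbprint format. A fixed, clearly constructed hex constant such as `result.SigningCertificateThumbprint = "0123456789ABCDEF0123456789ABCDEF01234567"; // constructed test value` (same idea for the encryption thumbprint) keeps the round-trip assertion meaningful and reproducible. Separately, the new `bool initializeAllProperties` parameter makes the call sites in the next hunk read as bare `true`/`false`; passing it as a named argument, `CreateSettings("https://deploy.localhost", TokenFormat.JsonWebToken, initializeAllProperties: true)`, makes the intent visible at the call site.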
@@ -47,14 +77,21 @@ public async Task ServerDeploymentSourceIsReadableByRecipe()
 // Arrange
 var recipeFile = "Recipe.json";
- var expectedSettings = CreateSettings("https://deploy.localhost", TokenFormat.JsonWebToken);
+ var expectedSettings = CreateSettings("https://deploy.localhost", TokenFormat.JsonWebToken, true);
 var deployServerServiceMock = CreateServerServiceWithSettingsMock(expectedSettings);
- var actualSettings = CreateSettings("https://recipe.localhost", TokenFormat.DataProtection);
+ var actualSettings = CreateSettings("https://recipe.localhost", TokenFormat.DataProtection, false);
 var recipeServerServiceMock = CreateServerServiceWithSettingsMock(actualSettings);
- Assert.NotEqual(expectedSettings.Authority, actualSettings.Authority);
- Assert.NotEqual(expectedSettings.AccessTokenFormat, actualSettings.AccessTokenFormat);
+ var settingsProperties = typeof(OpenIdServerSettings)
+ .GetProperties();
+
+ foreach (var property in settingsProperties)
+ {
+ Assert.NotEqual(
+ property.GetValue(expectedSettings),
+ property.GetValue(actualSettings));
+ }
 var fileBuilder = new MemoryFileBuilder();
 var descriptor = new RecipeDescriptor();
@@ -82,8 +119,12 @@ public async Task ServerDeploymentSourceIsReadableByRecipe()
 await recipeStep.ExecuteAsync(recipeContext);
 // Assert
- Assert.Equal(expectedSettings.Authority, actualSettings.Authority);
- Assert.Equal(expectedSettings.AccessTokenFormat, actualSettings.AccessTokenFormat);
+ foreach (var property in settingsProperties)
+ {
+ Assert.Equal(
+ property.GetValue(expectedSettings),
+ property.GetValue(actualSettings));
+ }
 }
 }
 }
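Review bot: The `foreach` over `settingsProperties` asserts with `Assert.NotEqual(object, object)`, so on failure xUnit reports only the two values and not which property of `OpenIdServerSettings` was not set up, which is exactly the failure a newly added settings property will produce when both sides are still at their default; the `Assert.Equal` loop in the next hunk has the same blind spot. Naming the property in the message, e.g. `Assert.False(Equals(property.GetValue(expectedSettings), property.GetValue(actualSettings)), $"{property.Name} must differ before the recipe runs");`, turns that into a one-line diagnosis. `typeof(OpenIdServerSettings).GetProperties()` also returns public static properties if the type ever gains one, and those would read equal on both instances and trip the first loop; `GetProperties(BindingFlags.Public | BindingFlags.Instance)` pins the intended set (needs `using System.Reflection;`).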