{
  "_comment": "Discovery metadata for the KYE Protocol reference deployment. A bank or vendor that hosts a conformant Gateway publishes its own values here. The reference values point to the open repo and are not a live OAuth endpoint.",
  "issuer": "https://kye-protocol.github.io",
  "authorization_endpoint": "https://kye-protocol.github.io/oauth/authorize",
  "token_endpoint": "https://kye-protocol.github.io/oauth/token",
  "jwks_uri": "https://kye-protocol.github.io/.well-known/jwks.json",
  "scopes_supported": [
    "kye:entity:read",
    "kye:entity:write",
    "kye:delegation:read",
    "kye:delegation:write",
    "kye:capability:invoke",
    "kye:audit:read",
    "kye:audit:point-in-time",
    "kye:recovery:request",
    "kye:recovery:decide",
    "kye:break-glass:request",
    "kye:keys:rotate"
  ],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code", "client_credentials", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "code_challenge_methods_supported": ["S256"],
  "service_documentation": "https://kye-protocol.github.io/whitepaper.html",
  "ui_locales_supported": ["en"]
}