{
  "_comment": "OpenID Connect discovery metadata for the KYE Protocol reference deployment. Conformant Gateways publish their own values; reference values point to the open repo.",
  "issuer": "https://kye-protocol.github.io",
  "authorization_endpoint": "https://kye-protocol.github.io/oauth/authorize",
  "token_endpoint": "https://kye-protocol.github.io/oauth/token",
  "userinfo_endpoint": "https://kye-protocol.github.io/oauth/userinfo",
  "jwks_uri": "https://kye-protocol.github.io/.well-known/jwks.json",
  "scopes_supported": [
    "openid",
    "profile",
    "email",
    "kye:entity:read",
    "kye:entity:write",
    "kye:delegation:read",
    "kye:delegation:write",
    "kye:capability:invoke",
    "kye:audit:read"
  ],
  "response_types_supported": ["code", "id_token", "code id_token"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["EdDSA", "ES256"],
  "grant_types_supported": ["authorization_code", "client_credentials", "refresh_token"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "code_challenge_methods_supported": ["S256"],
  "claims_supported": ["sub", "iss", "aud", "exp", "iat", "kye_entity_id", "kye_trust_domain"],
  "service_documentation": "https://kye-protocol.github.io/whitepaper.html"
}