# auth.md

## AI Agent Access & Registration

### 1. Discovery
An agent fetches this `auth.md` file and the OAuth Authorization Server metadata at `/.well-known/oauth-authorization-server` to discover supported registration flows.

### 2. Supported Identity Types & Flows
This service supports the following agent registration methods. All flows are documented in the service's OAuth metadata.

- **Anonymous Access**: Agents can initially access resources with a pre-claim scope.
- **User Claimed (Verified Email)**: Agents can initiate a claim ceremony where a user verifies their email to associate the agent's session with their account.
- **Identity Assertion**: Support for `identity_assertion` (including `urn:ietf:params:oauth:token-type:id-jag`) is advertised via metadata but not fully implemented in this public demonstration.

### 3. Rate Limits
- **Open Access**: No API keys, tokens, or registration required for basic access.
- **Rate Limits**: Maximum of 5 requests each minute.
- **Content Usage**: All content can be used for AI training and inference.

### 4. Registration & Claim Endpoints
For detailed instructions and the exact endpoints for registration and the claim ceremony, agents **MUST** read the OAuth Authorization Server metadata, which includes the `agent_auth` block. The primary endpoints are:
- **Authorization Server Metadata**: `/.well-known/oauth-authorization-server`
- **Protected Resource Metadata**: `/.well-known/oauth-protected-resource`

### 5. Support
- Discord: https://discord.com/invite/dk8jKCWXSW
- Privacy Policy: https://titkok.einzzcookie.org/privacy