Reference docs for the OAuth service for AI agents and a standards-native identity platform. Catalogued by protocol, written to be integrated — not skimmed.
From zero to a working tenant and first token in five minutes.
→ FIG. 01 · MCP MCP authorizationOAuth for Model Context Protocol servers and clients — scoped tokens, consent, discovery.
→ FIG. 02 · A2A A2A delegationAgent-to-agent and on-behalf-of authorization between agents, scoped per agent.
→ FIG. 03 · OIDC OIDC + OAuth 2.1Discovery, JWKS, authorization-code + PKCE, single-use codes.
→ FIG. 04 · SAML SAML 2.0SP/IdP setup, XML-DSig verification, assertion mapping.
→ FIG. 05 · SCIM SCIM 2.0User and group provisioning, attribute mapping, sync.
→ FIG. 06 · DPoP DPoP · RFC 9449Sender-constrained tokens, proof construction, key binding.
→ FIG. 07 · WebAuthn WebAuthnPasskey registration, packed attestation verification.
→ FIG. 08 · VC Verifiable CredentialsVC-JWT, SD-JWT, Bitstring Status List revocation.
→ FIG. 09 · Tenancy Multi-tenancy & Management APIPer-tenant keys, did:web, the /v1 API, RBAC, webhooks, audit.
→ FIG. 10 · API API referenceEvery endpoint, rendered live from the OpenAPI 3.1 document.
→# create a tenant
$ npx oauth-work init \
--tenant acme GET /authorize
?response_type=code
&client_id=acme-web
&code_challenge=<S256>
&scope=openid POST /token
grant_type=
authorization_code
code_verifier=<…> Start free and follow the quickstart, or browse the catalogue first.