[{"data":1,"prerenderedAt":595},["ShallowReactive",2],{"navigation":3,"/ecosystem/auth":145,"/ecosystem/auth-surround":590},[4,28,49,88,101,127],{"title":5,"path":6,"stem":7,"children":8,"icon":27},"Getting Started","/getting-started","1.getting-started/1.index",[9,11,15,19,23],{"title":10,"path":6,"stem":7},"Introduction",{"title":12,"path":13,"stem":14},"Working with Agents","/getting-started/working-with-agents","1.getting-started/2.working-with-agents",{"title":16,"path":17,"stem":18},"Setup a Service Provider","/getting-started/setup-service-provider","1.getting-started/3.setup-service-provider",{"title":20,"path":21,"stem":22},"Setup an Identity Provider","/getting-started/setup-identity-provider","1.getting-started/4.setup-identity-provider",{"title":24,"path":25,"stem":26},"Developers","/getting-started/developers","1.getting-started/5.developers",false,{"title":29,"icon":27,"path":30,"stem":31,"children":32,"page":27},"Guides","/guides","2.guides",[33,37,41,45],{"title":34,"path":35,"stem":36},"How It Works","/guides/how-it-works","2.guides/1.how-it-works",{"title":38,"path":39,"stem":40},"Capabilities Guide","/guides/capabilities-guide","2.guides/2.capabilities-guide",{"title":42,"path":43,"stem":44},"End-to-End Tutorial","/guides/end-to-end-tutorial","2.guides/3.end-to-end-tutorial",{"title":46,"path":47,"stem":48},"Delegation Guide","/guides/delegation-guide","2.guides/4.delegation-guide",{"title":50,"path":51,"stem":52,"children":53,"icon":27},"Ecosystem","/ecosystem","3.ecosystem/1.index",[54,56,60,64,68,72,76,80,84],{"title":55,"path":51,"stem":52},"Overview",{"title":57,"path":58,"stem":59},"grapes CLI","/ecosystem/grapes","3.ecosystem/2.grapes",{"title":61,"path":62,"stem":63},"shapes CLI","/ecosystem/shapes","3.ecosystem/3.shapes",{"title":65,"path":66,"stem":67},"escapes","/ecosystem/escapes","3.ecosystem/4.escapes",{"title":69,"path":70,"stem":71},"OpenApe Proxy","/ecosystem/proxy","3.ecosystem/5.proxy",{"title":73,"path":74,"stem":75},"OpenApe Browser","/ecosystem/browser","3.ecosystem/6.browser",{"title":77,"path":78,"stem":79},"OpenApe Auth","/ecosystem/auth","3.ecosystem/7.auth",{"title":81,"path":82,"stem":83},"OpenApe Grants","/ecosystem/grants","3.ecosystem/8.grants",{"title":85,"path":86,"stem":87},"nuxt-auth-sp","/ecosystem/nuxt-auth-sp","3.ecosystem/9.nuxt-auth-sp",{"title":89,"icon":27,"path":90,"stem":91,"children":92,"page":27},"Security","/security","4.security",[93,97],{"title":94,"path":95,"stem":96},"Compliance","/security/compliance","4.security/1.compliance",{"title":98,"path":99,"stem":100},"Threat Model","/security/threat-model","4.security/2.threat-model",{"title":102,"path":103,"stem":104,"children":105,"icon":27},"Reference","/reference","5.reference/1.index",[106,107,111,115,119,123],{"title":102,"path":103,"stem":104},{"title":108,"path":109,"stem":110},"IdP Configuration","/reference/idp-configuration","5.reference/2.idp-configuration",{"title":112,"path":113,"stem":114},"SP Configuration","/reference/sp-configuration","5.reference/3.sp-configuration",{"title":116,"path":117,"stem":118},"API Endpoints","/reference/api-endpoints","5.reference/4.api-endpoints",{"title":120,"path":121,"stem":122},"escapes Config","/reference/escapes-config","5.reference/5.escapes-config",{"title":124,"path":125,"stem":126},"Proxy Config","/reference/proxy-config","5.reference/6.proxy-config",{"title":128,"path":129,"stem":130,"children":131,"icon":27},"Operations","/operations","6.operations/1.index",[132,133,137,141],{"title":128,"path":129,"stem":130},{"title":134,"path":135,"stem":136},"Deployment","/operations/deployment","6.operations/2.deployment",{"title":138,"path":139,"stem":140},"Troubleshooting","/operations/troubleshooting","6.operations/3.troubleshooting",{"title":142,"path":143,"stem":144},"Monitoring","/operations/monitoring","6.operations/4.monitoring",{"id":146,"title":77,"body":147,"description":583,"extension":584,"links":585,"meta":586,"navigation":587,"path":78,"seo":588,"stem":79,"__hash__":589},"docs/3.ecosystem/7.auth.md",{"type":148,"value":149,"toc":574},"minimark",[150,154,159,163,208,212,215,220,261,265,285,289,292,297,344,357,500,504,507,511,543,553,562,570],[151,152,77],"h1",{"id":153},"openape-auth",[155,156,158],"h2",{"id":157},"openapecore","@openape/core",[160,161,162],"p",{},"The foundation package. Framework-agnostic, zero dependencies.",[164,165,166,179,185,191],"ul",{},[167,168,169,173,174,178],"li",{},[170,171,172],"strong",{},"DNS Discovery"," — resolve ",[175,176,177],"code",{},"_ddisa.{domain}"," TXT records to find the IdP",[167,180,181,184],{},[170,182,183],{},"PKCE"," — code challenge/verifier generation for secure OAuth flows",[167,186,187,190],{},[170,188,189],{},"JWT"," — sign, verify, and validate DDISA assertion tokens",[167,192,193,196,197,200,201,200,204,207],{},[170,194,195],{},"Types"," — ",[175,198,199],{},"DDISAAssertionClaims",", ",[175,202,203],{},"ActorType",[175,205,206],{},"AuthFlowState",", etc.",[155,209,211],{"id":210},"openapeauth","@openape/auth",[160,213,214],{},"Complete OIDC login protocol logic — both sides in one package.",[216,217,219],"h3",{"id":218},"idp-side","IdP Side",[164,221,222,228,234,244],{},[167,223,224,227],{},[175,225,226],{},"handleAuthorize()"," — validate authorization requests",[167,229,230,233],{},[175,231,232],{},"handleTokenExchange()"," — exchange codes for signed assertions",[167,235,236,239,240,243],{},[175,237,238],{},"issueAssertion()"," — create minimal AuthN-JWTs with ",[175,241,242],{},"act"," claim",[167,245,246,196,249,200,252,200,255,200,258],{},[170,247,248],{},"WebAuthn",[175,250,251],{},"createRegistrationOptions()",[175,253,254],{},"verifyRegistration()",[175,256,257],{},"createAuthenticationOptions()",[175,259,260],{},"verifyAuthentication()",[216,262,264],{"id":263},"sp-side","SP Side",[164,266,267,273,279],{},[167,268,269,272],{},[175,270,271],{},"discoverIdP()"," — DNS-based IdP discovery via DoH",[167,274,275,278],{},[175,276,277],{},"createAuthorizationURL()"," — build OAuth redirect with PKCE",[167,280,281,284],{},[175,282,283],{},"handleCallback()"," — exchange code, validate assertion",[155,286,288],{"id":287},"openapenuxt-auth-idp","@openape/nuxt-auth-idp",[160,290,291],{},"Drop-in Nuxt module. Add it, configure it, you're an IdP.",[160,293,294],{},[170,295,296],{},"Auto-registered routes:",[164,298,299,311,317,326,332,338],{},[167,300,301,200,304,200,307,310],{},[175,302,303],{},"/login",[175,305,306],{},"/register",[175,308,309],{},"/account"," — Passkey-based UI (overridable)",[167,312,313,316],{},[175,314,315],{},"/admin"," — User and agent management",[167,318,319,200,322,325],{},[175,320,321],{},"/authorize",[175,323,324],{},"/token"," — OAuth endpoints",[167,327,328,331],{},[175,329,330],{},"/.well-known/jwks.json"," — Public key discovery",[167,333,334,337],{},[175,335,336],{},"/api/webauthn/*"," — Registration and login flows",[167,339,340,343],{},[175,341,342],{},"/api/admin/*"," — User, agent, and registration URL management",[160,345,346],{},[170,347,348,349,352,353,356],{},"Configuration via ",[175,350,351],{},"openapeIdp"," in ",[175,354,355],{},"nuxt.config.ts",":",[358,359,364],"pre",{"className":360,"code":361,"language":362,"meta":363,"style":363},"language-ts shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","openapeIdp: {\n  rpName: 'My IdP',\n  rpID: 'id.example.com',\n  rpOrigin: 'https://id.example.com',\n  requireUserVerification: true,  // NIS2 strict mode\n  residentKey: 'required',        // true passkey experience\n  attestationType: 'none',        // or 'direct' for enterprise\n}\n","ts","",[175,365,366,380,401,418,435,454,474,494],{"__ignoreMap":363},[367,368,371,374,377],"span",{"class":369,"line":370},"line",1,[367,372,351],{"class":373},"sBMFI",[367,375,356],{"class":376},"sMK4o",[367,378,379],{"class":376}," {\n",[367,381,383,386,388,391,395,398],{"class":369,"line":382},2,[367,384,385],{"class":373},"  rpName",[367,387,356],{"class":376},[367,389,390],{"class":376}," '",[367,392,394],{"class":393},"sfazB","My IdP",[367,396,397],{"class":376},"'",[367,399,400],{"class":376},",\n",[367,402,404,407,409,411,414,416],{"class":369,"line":403},3,[367,405,406],{"class":373},"  rpID",[367,408,356],{"class":376},[367,410,390],{"class":376},[367,412,413],{"class":393},"id.example.com",[367,415,397],{"class":376},[367,417,400],{"class":376},[367,419,421,424,426,428,431,433],{"class":369,"line":420},4,[367,422,423],{"class":373},"  rpOrigin",[367,425,356],{"class":376},[367,427,390],{"class":376},[367,429,430],{"class":393},"https://id.example.com",[367,432,397],{"class":376},[367,434,400],{"class":376},[367,436,438,441,443,447,450],{"class":369,"line":437},5,[367,439,440],{"class":373},"  requireUserVerification",[367,442,356],{"class":376},[367,444,446],{"class":445},"sfNiH"," true",[367,448,449],{"class":376},",",[367,451,453],{"class":452},"sHwdD","  // NIS2 strict mode\n",[367,455,457,460,462,464,467,469,471],{"class":369,"line":456},6,[367,458,459],{"class":373},"  residentKey",[367,461,356],{"class":376},[367,463,390],{"class":376},[367,465,466],{"class":393},"required",[367,468,397],{"class":376},[367,470,449],{"class":376},[367,472,473],{"class":452},"        // true passkey experience\n",[367,475,477,480,482,484,487,489,491],{"class":369,"line":476},7,[367,478,479],{"class":373},"  attestationType",[367,481,356],{"class":376},[367,483,390],{"class":376},[367,485,486],{"class":393},"none",[367,488,397],{"class":376},[367,490,449],{"class":376},[367,492,493],{"class":452},"        // or 'direct' for enterprise\n",[367,495,497],{"class":369,"line":496},8,[367,498,499],{"class":376},"}\n",[155,501,503],{"id":502},"openapenuxt-auth-sp","@openape/nuxt-auth-sp",[160,505,506],{},"Drop-in Nuxt module. Stateless. Zero server storage.",[160,508,509],{},[170,510,296],{},[164,512,513,519,525,531,537],{},[167,514,515,518],{},[175,516,517],{},"/api/login"," — initiate DDISA login flow",[167,520,521,524],{},[175,522,523],{},"/api/callback"," — handle OAuth callback",[167,526,527,530],{},[175,528,529],{},"/api/logout"," — destroy session",[167,532,533,536],{},[175,534,535],{},"/api/me"," — current user info",[167,538,539,542],{},[175,540,541],{},"/.well-known/sp-manifest.json"," — SP metadata",[160,544,545,548,549,552],{},[170,546,547],{},"Composable:"," ",[175,550,551],{},"useOpenApeAuth()"," for client-side auth state.",[160,554,555,548,558,561],{},[170,556,557],{},"Component:",[175,559,560],{},"\u003COpenApeAuth />"," — prebuilt login form with customizable slots and CSS variables.",[160,563,564,565,569],{},"See the ",[566,567,568],"a",{"href":86},"dedicated nuxt-auth-sp docs"," for full API reference.",[571,572,573],"style",{},"html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sfNiH, html code.shiki .sfNiH{--shiki-light:#FF5370;--shiki-default:#FF9CAC;--shiki-dark:#FF9CAC}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":363,"searchDepth":403,"depth":382,"links":575},[576,577,581,582],{"id":157,"depth":382,"text":158},{"id":210,"depth":382,"text":211,"children":578},[579,580],{"id":218,"depth":403,"text":219},{"id":263,"depth":403,"text":264},{"id":287,"depth":382,"text":288},{"id":502,"depth":382,"text":503},"DNS-based identity for humans and agents.","md",null,{},true,{"title":77,"description":583},"j870elL2aC2H5Hx4KOlRRs2MOdbw5fee6vDwLgyaVoY",[591,593],{"title":73,"path":74,"stem":75,"description":592,"children":-1},"Grant-aware headless browser with route interception and delegation login.",{"title":81,"path":82,"stem":83,"description":594,"children":-1},"Human-in-the-loop permissions for agents.",1774221117377]