# Agent Authentication - Judy Mora Moda Colombiana

This document describes how AI agents authenticate with Judy Moramoda services.

## Registration
- **register_uri**: `https://judymoramodacolombiana.com/oauth/register`
- Dynamic Client Registration per RFC 7591.

## OAuth 2.1 Endpoints
- **issuer**: `https://judymoramodacolombiana.com`
- **authorization_endpoint**: `https://judymoramodacolombiana.com/oauth/authorize`
- **token_endpoint**: `https://judymoramodacolombiana.com/oauth/token`
- **revocation_endpoint**: `https://judymoramodacolombiana.com/oauth/revoke`
- **jwks_uri**: `https://judymoramodacolombiana.com/.well-known/jwks.json`

## Supported Credentials
- `client_secret_basic`
- Public clients with PKCE (S256) — `none`

## Identity Types
- End-user delegated (authorization_code + PKCE)
- Autonomous agent (client_credentials)

## Scopes
| Scope | Description |
| --- | --- |
| `read:catalog` | Browse public catalog and collections |
| `read:products` | Read product details, prices, inventory |
| `write:orders` | Create and modify orders on user's behalf |
| `read:profile` | Read the signed-in customer profile |

## Claim Endpoint
`GET https://judymoramodacolombiana.com/oauth/userinfo` — returns OIDC claims for the authenticated subject.

## Revocation Endpoint
`POST https://judymoramodacolombiana.com/oauth/revoke` — per RFC 7009.

## Discovery
- `https://judymoramodacolombiana.com/.well-known/openid-configuration`
- `https://judymoramodacolombiana.com/.well-known/oauth-authorization-server`
- `https://judymoramodacolombiana.com/.well-known/oauth-protected-resource`
