Well-Known Endpoints
Standard OAuth and OIDC discovery endpoints.
Base URL: https://api.bluenexus.ai
GET /.well-known/oauth-authorization-server
OAuth Authorization Server Metadata (RFC 8414).
Auth: None
Response (200):
{
"issuer": "https://api.bluenexus.ai",
"authorization_endpoint": "https://app.bluenexus.ai/oauth/authorize",
"token_endpoint": "https://api.bluenexus.ai/api/v1/auth/token",
"revocation_endpoint": "https://api.bluenexus.ai/api/v1/auth/revoke",
"registration_endpoint": "https://api.bluenexus.ai/api/v1/auth/register",
"scopes_supported": ["universal-mcp-read", "universal-mcp-read-write", "..."],
"grant_types_supported": ["authorization_code", "refresh_token"],
"code_challenge_methods_supported": ["S256"],
"token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post", "none"],
"response_types_supported": ["code"],
"response_modes_supported": ["query"]
}
GET /.well-known/oauth-protected-resource
Protected Resource Metadata (RFC 8707). Used by MCP clients to discover the authorization server.
Auth: None
Response (200):
{
"resource": "https://api.bluenexus.ai",
"authorization_servers": ["https://api.bluenexus.ai"],
"scopes_supported": ["universal-mcp-read", "universal-mcp-read-write", "..."],
"bearer_methods_supported": ["header"],
"resource_documentation": "https://docs.bluenexus.ai"
}
GET /.well-known/openid-configuration
OpenID Connect Discovery.
Auth: None
GET /.well-known/jwks.json
JSON Web Key Set (RFC 7517). Public keys for verifying JWT tokens.
Auth: None
Response (200):
{
"keys": [
{
"kty": "RSA",
"kid": "key-id",
"use": "sig",
"alg": "RS256",
"n": "...",
"e": "AQAB"
}
]
}
GET /.well-known/oauth-client
Client ID Metadata Document.
Auth: None
Response (200):
{
"client_id": "https://api.bluenexus.ai/.well-known/oauth-client",
"client_name": "BlueNexus",
"redirect_uris": ["/v1/connections/callback"],
"grant_types": ["authorization_code"],
"response_types": ["code"],
"token_endpoint_auth_method": "none"
}