{
  "issuer": "https://www.teosharmony.com",
  "authorization_endpoint": "https://www.teosharmony.com/login",
  "token_endpoint": "https://www.teosharmony.com/api/auth/login",
  "registration_endpoint": "https://www.teosharmony.com/api/auth/register",
  "userinfo_endpoint": "https://www.teosharmony.com/api/auth/me",
  "revocation_endpoint": "https://www.teosharmony.com/api/auth/logout",
  "end_session_endpoint": "https://www.teosharmony.com/api/auth/logout",
  "scopes_supported": [
    "read:public",
    "read:assessments",
    "write:assessments",
    "read:entitlements",
    "write:purchases",
    "admin:full"
  ],
  "response_types_supported": [
    "token"
  ],
  "grant_types_supported": [
    "password",
    "refresh_token"
  ],
  "subject_types_supported": [
    "public"
  ],
  "id_token_signing_alg_values_supported": [
    "HS256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post"
  ],
  "claims_supported": [
    "sub",
    "email",
    "name",
    "role",
    "iat",
    "exp"
  ],
  "service_documentation": "https://www.teosharmony.com/openapi.json",
  "ui_locales_supported": [
    "en",
    "es",
    "ru"
  ],
  "_notes": "Harmony Holistics implements a SUBSET of OpenID Connect for agent discoverability — actual issuance uses a simple email+password login that returns an HS256 JWT. We do NOT implement the full Authorization Code, PKCE, or Client Credentials flows. Public endpoints don't require authentication; protected endpoints accept the JWT as `Authorization: Bearer <token>`."
}