OpenAuth Service

Mael OpenAuth

OpenAuth issuer with password, passcode, Discord, and Google sign-in plus file-backed client registration.

Control

Clients

Providers

Flow

OAuth

GET https://openauth.mael.tech/authorize?client_id=merlins-day-off-web&redirect_uri=https%3A%2F%2Fmerlin.mael.tech%2Fapi%2Fauth%2Fcallback&response_type=code&state=merlins-day-off-home

How to Integrate

Register each client in src/clients.ts, then start the OAuth flow at /authorize with that exact client_id and one of the committed redirect_uri values.

GET https://openauth.mael.tech/authorize?client_id=<client-id>&redirect_uri=<registered-callback>&response_type=code

To bypass the provider chooser, add provider=password, provider=passcode, provider=discord, or provider=google when that provider is allowed for the client.

Enabled Providers

password
discord

Endpoints

https://openauth.mael.tech/.well-known/oauth-authorization-server
https://openauth.mael.tech/.well-known/jwks.json
https://openauth.mael.tech/authorize
https://openauth.mael.tech/token

Registered Clients

Merlin's Day Off Web merlins-day-off-web

Browser client for Merlin's Day Off.

Passcode env
CLIENT_PASSCODE_MERLINS_DAY_OFF_WEB

Token Subject Contract

{
  "type": "user",
  "properties": {
    "id": "<stable-user-id>",
    "email": "<verified-email>",
    "name": "<provider-display-name-or-null>",
    "avatar": "<provider-avatar-url-or-null>"
  }
}