{
  "issuer": "https://sutrace.io",
  "authorization_endpoint": "https://app.sutrace.io/signin",
  "token_endpoint": "https://app.sutrace.io/.well-known/oauth-token",
  "introspection_endpoint": "https://app.sutrace.io/.well-known/oauth-introspect",
  "revocation_endpoint": "https://app.sutrace.io/.well-known/oauth-revoke",
  "jwks_uri": "https://sutrace.io/.well-known/jwks.json",
  "scopes_supported": ["read:public", "read:workspace", "write:workspace", "openid", "email", "profile"],
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code", "refresh_token", "client_credentials"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
  "code_challenge_methods_supported": ["S256"],
  "service_documentation": "https://sutrace.io/legal/security",
  "x-sutrace": {
    "publisher": "Sutrace",
    "status": "preview",
    "note": "OAuth 2.0 server-side flows are in design for Business and Scale plan customers. The discovery document is published so AI agents and trust auditors can resolve us; the endpoints are not generally available yet. PKCE is required when GA.",
    "contact": "trust@sutrace.io",
    "website": "https://sutrace.io"
  }
}