# auth.md

This is the agent registration and authentication specification for `davidbuenov.com`.

## Overview

This website is a static portfolio and blog. All resources are public and require no key. However, for compatibility with agentic registration protocols, this document outlines the mock registration and authentication process.

## Discovery

AI agents can discover the resource and authorization servers via the RFC 9728 discovery endpoints:
- Protected Resource Metadata: `/.well-known/oauth-protected-resource`
- Authorization Server Metadata: `/.well-known/oauth-authorization-server`

## Registration Methods

We support the **Anonymous** registration flow for AI agents.

### Anonymous Registration

To register anonymously, the agent can send a POST request:
- **Endpoint**: `https://davidbuenov.com/agent/register`
- **Method**: `POST`
- **Headers**:
  - `Content-Type: application/json`
- **Request Body**:
  ```json
  {
    "client_name": "AI Agent",
    "grant_types": ["client_credentials"],
    "scopes": ["public:read"]
  }
  ```

## Obtaining Credentials

Upon successful mock registration, the service returns a client credential set:
- **Client ID**: `anonymous_agent_client`
- **Client Secret**: `public_access_only`

Since all APIs are public, agents can also directly fetch data from:
- `https://davidbuenov.com/api/data.json`
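
The following Python sketch is an added example, not code published by this site. It builds the discovery URLs and the anonymous registration request described above, then parses a constructed sample response. The response field names `client_id` and `client_secret` and the HTTPS-only check are assumptions, since this document does not define the response format.

```python
import json
import urllib.request
from urllib.parse import urljoin

ORIGIN = "https://davidbuenov.com"  # origin named in this document

def discovery_urls(origin=ORIGIN):
    """Metadata URLs listed under Discovery."""
    return {
        "protected_resource": urljoin(origin, "/.well-known/oauth-protected-resource"),
        "authorization_server": urljoin(origin, "/.well-known/oauth-authorization-server"),
    }

def build_registration_request(origin=ORIGIN, client_name="AI Agent"):
    """Build, without sending, the anonymous registration POST."""
    if not origin.startswith("https://"):  # added check, not required by the page
        raise ValueError("refusing to register over a non-HTTPS origin")
    body = {
        "client_name": client_name,
        "grant_types": ["client_credentials"],
        "scopes": ["public:read"],
    }
    return urllib.request.Request(
        urljoin(origin, "/agent/register"),
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )

def parse_credentials(raw):
    """Return (client_id, client_secret) from a registration response body."""
    # Assumption: the response is a JSON object using these two field names.
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("registration response is not a JSON object")
    missing = [k for k in ("client_id", "client_secret") if not isinstance(doc.get(k), str)]
    if missing:
        raise ValueError(f"registration response missing fields: {missing}")
    return doc["client_id"], doc["client_secret"]

# Constructed sample response carrying the values listed under Obtaining Credentials.
SAMPLE_RESPONSE = b'{"client_id": "anonymous_agent_client", "client_secret": "public_access_only"}'

if __name__ == "__main__":
    req = build_registration_request()
    print(req.get_method(), req.full_url, req.data.decode())
    print(parse_credentials(SAMPLE_RESPONSE))
    # To send for real: urllib.request.urlopen(req, timeout=10).read()
```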

## Revocation

Credentials can be revoked by sending a request to the revocation endpoint:
- **Endpoint**: `https://davidbuenov.com/agent/revoke`
- **Method**: `POST`
