Platform identity — GitHub/email login, user JWT, PAT, and JWKS. Every service forward-auths its bearers here.
Base URL: https://auth.lishuyu.app — paths below are relative to it.
| method | path | auth | purpose |
|---|---|---|---|
GET | /login/{provider} | public | start OAuth — provider = github |
POST | /login/email | public | send a magic-link email |
GET | /api/users/me | user JWT/PAT | resolve the current bearer to a user |
POST | /api/pat | user JWT | mint a PAT for automation |
GET | /api/pat | user JWT | list your PATs |
POST | /api/pat/{id}/revoke | user JWT | revoke a PAT |
POST | /token/refresh | refresh token | exchange a refresh token for new access + refresh |
GET | /.well-known/jwks.json | public | RS256 public keys (JWKS) |
Agents authenticate with a PAT: Authorization: Bearer pat_<...>. Sign in here first, then mint one at POST /api/pat (or via the admin console). A browser session rides the phm_jwt cookie. Admin-only user management lives under /api/users.
Other platform services: GET https://registry.lishuyu.app/llm.txt (public how-to), or authenticate and query GET https://registry.lishuyu.app/api/services/discover/{capability} to find a capability, then call that service directly.