{
  "name": "Rayor Connect",
  "description": "Fournisseur d'identite (SSO) de l'ecosysteme Rayor. Flux simplifie inspire d'OAuth2 — pas d'OpenID Connect standard, pas de id_token, pas de token endpoint, pas de client_secret.",
  "issuer": "https://connect.rayor.fr",
  "auth_flow": "oauth2-simplified",
  "client_id_is_domain": true,
  "client_secret_required": false,
  "data_minimization": true,
  "llms_txt": "https://connect.rayor.fr/llms.txt",
  "human_docs": "https://connect.rayor.fr/developers",
  "integration_kit": "https://connect.rayor.fr/rayor-connect-integration.zip",
  "contact": "contact@rayor.fr",
  "endpoints": {
    "authorize": {
      "method": "GET",
      "url": "https://connect.rayor.fr/authorize.php",
      "params": {
        "client_id": "Votre domaine (ex. mon-site.fr). Obligatoire.",
        "redirect_uri": "URL de retour, doit etre sur le domaine client_id. Obligatoire.",
        "scope": "Scopes separes par des espaces. Obligatoire.",
        "response_type": "code. Obligatoire.",
        "state": "Valeur anti-CSRF a verifier au retour. Recommande."
      },
      "returns": "Redirige vers redirect_uri?code=CODE&state=STATE"
    },
    "userinfo": {
      "method": "GET",
      "url": "https://connect.rayor.fr/api.php",
      "params": { "code": "Le code recu sur le redirect_uri. Usage unique, expire ~5 min." },
      "returns": "Profil JSON, uniquement les champs des scopes accordes."
    }
  },
  "scopes": {
    "openid": ["rayor_id"],
    "profile": ["given_name", "family_name", "nickname", "picture"],
    "email": ["email", "email_verified"],
    "phone": ["phone_number", "phone_number_verified"],
    "address": ["address"],
    "age": ["birthdate", "age", "age_verified"],
    "subscription": ["rayor_plus", "rayor_plan"],
    "preferences": ["liquid_glass"]
  },
  "claims": {
    "given_name": { "type": "string", "desc": "Prenom" },
    "family_name": { "type": "string", "desc": "Nom" },
    "nickname": { "type": "string", "desc": "Pseudo public" },
    "rayor_id": { "type": "string", "desc": "Identifiant public unique et stable (RAY-...)" },
    "picture": { "type": "string", "desc": "URL de la photo de profil (avatar ou Gravatar)" },
    "email": { "type": "string", "desc": "Adresse e-mail" },
    "email_verified": { "type": "boolean", "desc": "Toujours true" },
    "phone_number": { "type": "string", "desc": "Numero mobile" },
    "phone_number_verified": { "type": "boolean", "desc": "Non verifie (false)" },
    "address": { "type": "string", "desc": "Adresse postale" },
    "birthdate": { "type": "string", "desc": "Date de naissance AAAA-MM-JJ" },
    "age": { "type": "integer", "desc": "Age calcule" },
    "age_verified": { "type": "boolean", "desc": "true seulement apres verification d'identite" },
    "rayor_plus": { "type": "boolean", "desc": "L'utilisateur est abonne Rayor Plus" },
    "rayor_plan": { "type": "string", "enum": ["plus", "free"], "desc": "Formule du compte" },
    "liquid_glass": { "type": "boolean", "desc": "Preference d'interface Liquid Glass activee" }
  },
  "examples": [
    { "scope": "openid", "response": { "rayor_id": "RAY-42-XY" } },
    { "scope": "openid profile email", "response": { "given_name": "Camille", "family_name": "Martin", "nickname": "Camille", "rayor_id": "RAY-42-XY", "picture": "https://connect.rayor.fr/avatar.php?u=...", "email": "camille@exemple.fr", "email_verified": true } },
    { "scope": "openid email subscription preferences", "response": { "rayor_id": "RAY-42-XY", "email": "camille@exemple.fr", "email_verified": true, "rayor_plus": true, "rayor_plan": "plus", "liquid_glass": true } }
  ],
  "security": [
    "Generez et verifiez le parametre state (anti-CSRF).",
    "Le code est a usage unique et expire en ~5 min ; echangez-le cote serveur.",
    "Demandez le minimum de scopes (RGPD) et gerez l'absence d'un scope refuse."
  ]
}