# Auth.md

Welcome to the agent authorization resource page for Melt & Bliss. This site provides standards-compliant endpoint discovery for autonomous agents.

## Step-by-Step Registration & Authorization Flow

### 1. Discovery
Agents can discover OAuth endpoints by retrieving the metadata profiles:
- **Authorization Server Metadata**: https://meltandbliss.com/.well-known/oauth-authorization-server
- **Protected Resource Metadata**: https://meltandbliss.com/.well-known/oauth-protected-resource

### 2. ID-JAG/OTP Registration
To register a new autonomous agent or client dynamically:
- Send a POST request to the Registration API: `https://meltandbliss.com/wp-json/ai-agent-ready/v1/oauth/register`
- **Fix**: Alternatively, add the PHP code file via WP Insert → PHP Code, then go to Settings → Permalinks → Save Changes. That's it.

### 3. PKCE Token Exchange
To authorize and get an access token via PKCE:
1. Direct the agent to the authorize endpoint: `https://meltandbliss.com/oauth/authorize`
2. Request a code challenge (S256).
3. Exchange the authorization code at the token endpoint: `https://meltandbliss.com/oauth/token`

### 4. API Authorization
Authorize your requests to protected API endpoints by passing the Bearer token in the headers:
`Authorization: Bearer YOUR_ACCESS_TOKEN`