Getting Started
Setup a Service Provider
Add OpenApe authentication to your app in 3 steps.
Add Auth to Your App in 3 Steps
Step 1 — Install
pnpm add @openape/nuxt-auth-sp
Step 2 — Register the Module
nuxt.config.ts
export default defineNuxtConfig({
modules: ['@openape/nuxt-auth-sp'],
})
Step 3 — Add the Login Component
pages/login.vue
<template>
<OpenApeAuth />
</template>
That's it. Your app now supports passwordless login via the DDISA protocol.
It Just Works
- Zero config in development — session secrets are auto-generated,
clientIdis derived from your dev server port - Humans and agents use the same protocol — no special API keys, no separate bot accounts
- No vendor lock-in — DDISA is an open protocol based on DNS discovery, WebAuthn, and standard OAuth flows
What About the IdP?
You don't need to run an Identity Provider. Your users authenticate at their own IdP, discovered automatically via DNS.
- No DNS record for a user's domain? The fallback IdP (id.openape.at) handles it — free, zero-setup
- Users who want full control can run their own IdP with
@openape/nuxt-auth-idp - DNS discovery happens transparently — your app doesn't need to know where users authenticate
Production Checklist
Before deploying, set these values (via nuxt.config.ts or environment variables):
| Setting | Env Variable | Description |
|---|---|---|
clientId | NUXT_OPENAPE_SP_CLIENT_ID | Your service identifier (e.g. myapp.example.com) |
sessionSecret | NUXT_OPENAPE_SP_SESSION_SECRET | A random string, at least 32 characters |
spName | — | Human-readable name (shown in auth.md and SP manifest) |
nuxt.config.ts
export default defineNuxtConfig({
modules: ['@openape/nuxt-auth-sp'],
openapeSp: {
clientId: 'myapp.example.com',
spName: 'My App',
},
})
For AI Agents
Every SP automatically serves /.well-known/auth.md — a machine-readable Markdown document that describes how to authenticate. Agents can fetch this endpoint to discover the login flow, endpoints, and protocol details without any prior configuration.