[{"data":1,"prerenderedAt":579},["ShallowReactive",2],{"navigation":3,"/getting-started/setup-service-provider":145,"/getting-started/setup-service-provider-surround":574},[4,28,49,88,101,127],{"title":5,"path":6,"stem":7,"children":8,"icon":27},"Getting Started","/getting-started","1.getting-started/1.index",[9,11,15,19,23],{"title":10,"path":6,"stem":7},"Introduction",{"title":12,"path":13,"stem":14},"Working with Agents","/getting-started/working-with-agents","1.getting-started/2.working-with-agents",{"title":16,"path":17,"stem":18},"Setup a Service Provider","/getting-started/setup-service-provider","1.getting-started/3.setup-service-provider",{"title":20,"path":21,"stem":22},"Setup an Identity Provider","/getting-started/setup-identity-provider","1.getting-started/4.setup-identity-provider",{"title":24,"path":25,"stem":26},"Developers","/getting-started/developers","1.getting-started/5.developers",false,{"title":29,"icon":27,"path":30,"stem":31,"children":32,"page":27},"Guides","/guides","2.guides",[33,37,41,45],{"title":34,"path":35,"stem":36},"How It Works","/guides/how-it-works","2.guides/1.how-it-works",{"title":38,"path":39,"stem":40},"Capabilities Guide","/guides/capabilities-guide","2.guides/2.capabilities-guide",{"title":42,"path":43,"stem":44},"End-to-End Tutorial","/guides/end-to-end-tutorial","2.guides/3.end-to-end-tutorial",{"title":46,"path":47,"stem":48},"Delegation Guide","/guides/delegation-guide","2.guides/4.delegation-guide",{"title":50,"path":51,"stem":52,"children":53,"icon":27},"Ecosystem","/ecosystem","3.ecosystem/1.index",[54,56,60,64,68,72,76,80,84],{"title":55,"path":51,"stem":52},"Overview",{"title":57,"path":58,"stem":59},"grapes CLI","/ecosystem/grapes","3.ecosystem/2.grapes",{"title":61,"path":62,"stem":63},"shapes CLI","/ecosystem/shapes","3.ecosystem/3.shapes",{"title":65,"path":66,"stem":67},"escapes","/ecosystem/escapes","3.ecosystem/4.escapes",{"title":69,"path":70,"stem":71},"OpenApe Proxy","/ecosystem/proxy","3.ecosystem/5.proxy",{"title":73,"path":74,"stem":75},"OpenApe Browser","/ecosystem/browser","3.ecosystem/6.browser",{"title":77,"path":78,"stem":79},"OpenApe Auth","/ecosystem/auth","3.ecosystem/7.auth",{"title":81,"path":82,"stem":83},"OpenApe Grants","/ecosystem/grants","3.ecosystem/8.grants",{"title":85,"path":86,"stem":87},"nuxt-auth-sp","/ecosystem/nuxt-auth-sp","3.ecosystem/9.nuxt-auth-sp",{"title":89,"icon":27,"path":90,"stem":91,"children":92,"page":27},"Security","/security","4.security",[93,97],{"title":94,"path":95,"stem":96},"Compliance","/security/compliance","4.security/1.compliance",{"title":98,"path":99,"stem":100},"Threat Model","/security/threat-model","4.security/2.threat-model",{"title":102,"path":103,"stem":104,"children":105,"icon":27},"Reference","/reference","5.reference/1.index",[106,107,111,115,119,123],{"title":102,"path":103,"stem":104},{"title":108,"path":109,"stem":110},"IdP Configuration","/reference/idp-configuration","5.reference/2.idp-configuration",{"title":112,"path":113,"stem":114},"SP Configuration","/reference/sp-configuration","5.reference/3.sp-configuration",{"title":116,"path":117,"stem":118},"API Endpoints","/reference/api-endpoints","5.reference/4.api-endpoints",{"title":120,"path":121,"stem":122},"escapes Config","/reference/escapes-config","5.reference/5.escapes-config",{"title":124,"path":125,"stem":126},"Proxy Config","/reference/proxy-config","5.reference/6.proxy-config",{"title":128,"path":129,"stem":130,"children":131,"icon":27},"Operations","/operations","6.operations/1.index",[132,133,137,141],{"title":128,"path":129,"stem":130},{"title":134,"path":135,"stem":136},"Deployment","/operations/deployment","6.operations/2.deployment",{"title":138,"path":139,"stem":140},"Troubleshooting","/operations/troubleshooting","6.operations/3.troubleshooting",{"title":142,"path":143,"stem":144},"Monitoring","/operations/monitoring","6.operations/4.monitoring",{"id":146,"title":16,"body":147,"description":567,"extension":568,"links":569,"meta":570,"navigation":571,"path":17,"seo":572,"stem":18,"__hash__":573},"docs/1.getting-started/3.setup-service-provider.md",{"type":148,"value":149,"toc":558},"minimark",[150,155,160,186,190,255,259,298,302,306,333,337,340,368,372,378,451,543,547,554],[151,152,154],"h1",{"id":153},"add-auth-to-your-app-in-3-steps","Add Auth to Your App in 3 Steps",[156,157,159],"h2",{"id":158},"step-1-install","Step 1 — Install",[161,162,167],"pre",{"className":163,"code":164,"language":165,"meta":166,"style":166},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","pnpm add @openape/nuxt-auth-sp\n","bash","",[168,169,170],"code",{"__ignoreMap":166},[171,172,175,179,183],"span",{"class":173,"line":174},"line",1,[171,176,178],{"class":177},"sBMFI","pnpm",[171,180,182],{"class":181},"sfazB"," add",[171,184,185],{"class":181}," @openape/nuxt-auth-sp\n",[156,187,189],{"id":188},"step-2-register-the-module","Step 2 — Register the Module",[161,191,196],{"className":192,"code":193,"filename":194,"language":195,"meta":166,"style":166},"language-ts shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","export default defineNuxtConfig({\n  modules: ['@openape/nuxt-auth-sp'],\n})\n","nuxt.config.ts","ts",[168,197,198,219,246],{"__ignoreMap":166},[171,199,200,204,207,211,215],{"class":173,"line":174},[171,201,203],{"class":202},"s7zQu","export",[171,205,206],{"class":202}," default",[171,208,210],{"class":209},"s2Zo4"," defineNuxtConfig",[171,212,214],{"class":213},"sTEyZ","(",[171,216,218],{"class":217},"sMK4o","{\n",[171,220,222,226,229,232,235,238,240,243],{"class":173,"line":221},2,[171,223,225],{"class":224},"swJcz","  modules",[171,227,228],{"class":217},":",[171,230,231],{"class":213}," [",[171,233,234],{"class":217},"'",[171,236,237],{"class":181},"@openape/nuxt-auth-sp",[171,239,234],{"class":217},[171,241,242],{"class":213},"]",[171,244,245],{"class":217},",\n",[171,247,249,252],{"class":173,"line":248},3,[171,250,251],{"class":217},"}",[171,253,254],{"class":213},")\n",[156,256,258],{"id":257},"step-3-add-the-login-component","Step 3 — Add the Login Component",[161,260,265],{"className":261,"code":262,"filename":263,"language":264,"meta":166,"style":166},"language-vue shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u003Ctemplate>\n  \u003COpenApeAuth />\n\u003C/template>\n","pages/login.vue","vue",[168,266,267,278,289],{"__ignoreMap":166},[171,268,269,272,275],{"class":173,"line":174},[171,270,271],{"class":217},"\u003C",[171,273,274],{"class":224},"template",[171,276,277],{"class":217},">\n",[171,279,280,283,286],{"class":173,"line":221},[171,281,282],{"class":217},"  \u003C",[171,284,285],{"class":224},"OpenApeAuth",[171,287,288],{"class":217}," />\n",[171,290,291,294,296],{"class":173,"line":248},[171,292,293],{"class":217},"\u003C/",[171,295,274],{"class":224},[171,297,277],{"class":217},[299,300,301],"p",{},"That's it. Your app now supports passwordless login via the DDISA protocol.",[156,303,305],{"id":304},"it-just-works","It Just Works",[307,308,309,321,327],"ul",{},[310,311,312,316,317,320],"li",{},[313,314,315],"strong",{},"Zero config in development"," — session secrets are auto-generated, ",[168,318,319],{},"clientId"," is derived from your dev server port",[310,322,323,326],{},[313,324,325],{},"Humans and agents use the same protocol"," — no special API keys, no separate bot accounts",[310,328,329,332],{},[313,330,331],{},"No vendor lock-in"," — DDISA is an open protocol based on DNS discovery, WebAuthn, and standard OAuth flows",[156,334,336],{"id":335},"what-about-the-idp","What About the IdP?",[299,338,339],{},"You don't need to run an Identity Provider. Your users authenticate at their own IdP, discovered automatically via DNS.",[307,341,342,357,365],{},[310,343,344,345,348,349,356],{},"No DNS record for a user's domain? The ",[313,346,347],{},"fallback IdP"," (",[350,351,355],"a",{"href":352,"rel":353},"https://id.openape.at",[354],"nofollow","id.openape.at",") handles it — free, zero-setup",[310,358,359,360],{},"Users who want full control can run their own IdP with ",[350,361,362],{"href":21},[168,363,364],{},"@openape/nuxt-auth-idp",[310,366,367],{},"DNS discovery happens transparently — your app doesn't need to know where users authenticate",[156,369,371],{"id":370},"production-checklist","Production Checklist",[299,373,374,375,377],{},"Before deploying, set these values (via ",[168,376,194],{}," or environment variables):",[379,380,381,397],"table",{},[382,383,384],"thead",{},[385,386,387,391,394],"tr",{},[388,389,390],"th",{},"Setting",[388,392,393],{},"Env Variable",[388,395,396],{},"Description",[398,399,400,419,434],"tbody",{},[385,401,402,407,412],{},[403,404,405],"td",{},[168,406,319],{},[403,408,409],{},[168,410,411],{},"NUXT_OPENAPE_SP_CLIENT_ID",[403,413,414,415,418],{},"Your service identifier (e.g. ",[168,416,417],{},"myapp.example.com",")",[385,420,421,426,431],{},[403,422,423],{},[168,424,425],{},"sessionSecret",[403,427,428],{},[168,429,430],{},"NUXT_OPENAPE_SP_SESSION_SECRET",[403,432,433],{},"A random string, at least 32 characters",[385,435,436,441,444],{},[403,437,438],{},[168,439,440],{},"spName",[403,442,443],{},"—",[403,445,446,447,450],{},"Human-readable name (shown in ",[168,448,449],{},"auth.md"," and SP manifest)",[161,452,454],{"className":192,"code":453,"filename":194,"language":195,"meta":166,"style":166},"export default defineNuxtConfig({\n  modules: ['@openape/nuxt-auth-sp'],\n  openapeSp: {\n    clientId: 'myapp.example.com',\n    spName: 'My App',\n  },\n})\n",[168,455,456,468,486,496,513,530,536],{"__ignoreMap":166},[171,457,458,460,462,464,466],{"class":173,"line":174},[171,459,203],{"class":202},[171,461,206],{"class":202},[171,463,210],{"class":209},[171,465,214],{"class":213},[171,467,218],{"class":217},[171,469,470,472,474,476,478,480,482,484],{"class":173,"line":221},[171,471,225],{"class":224},[171,473,228],{"class":217},[171,475,231],{"class":213},[171,477,234],{"class":217},[171,479,237],{"class":181},[171,481,234],{"class":217},[171,483,242],{"class":213},[171,485,245],{"class":217},[171,487,488,491,493],{"class":173,"line":248},[171,489,490],{"class":224},"  openapeSp",[171,492,228],{"class":217},[171,494,495],{"class":217}," {\n",[171,497,499,502,504,507,509,511],{"class":173,"line":498},4,[171,500,501],{"class":224},"    clientId",[171,503,228],{"class":217},[171,505,506],{"class":217}," '",[171,508,417],{"class":181},[171,510,234],{"class":217},[171,512,245],{"class":217},[171,514,516,519,521,523,526,528],{"class":173,"line":515},5,[171,517,518],{"class":224},"    spName",[171,520,228],{"class":217},[171,522,506],{"class":217},[171,524,525],{"class":181},"My App",[171,527,234],{"class":217},[171,529,245],{"class":217},[171,531,533],{"class":173,"line":532},6,[171,534,535],{"class":217},"  },\n",[171,537,539,541],{"class":173,"line":538},7,[171,540,251],{"class":217},[171,542,254],{"class":213},[156,544,546],{"id":545},"for-ai-agents","For AI Agents",[299,548,549,550,553],{},"Every SP automatically serves ",[168,551,552],{},"/.well-known/auth.md"," — a machine-readable Markdown document that describes how to authenticate. Agents can fetch this endpoint to discover the login flow, endpoints, and protocol details without any prior configuration.",[555,556,557],"style",{},"html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}",{"title":166,"searchDepth":248,"depth":221,"links":559},[560,561,562,563,564,565,566],{"id":158,"depth":221,"text":159},{"id":188,"depth":221,"text":189},{"id":257,"depth":221,"text":258},{"id":304,"depth":221,"text":305},{"id":335,"depth":221,"text":336},{"id":370,"depth":221,"text":371},{"id":545,"depth":221,"text":546},"Add OpenApe authentication to your app in 3 steps.","md",null,{},true,{"title":16,"description":567},"WfWEPuwGUhaDD3VAw7P9OvqVygQtNFBn10kU04lMgKc",[575,577],{"title":12,"path":13,"stem":14,"description":576,"children":-1},"Set up OpenApe agent gatekeeping for AI agents like OpenClaw.",{"title":20,"path":21,"stem":22,"description":578,"children":-1},"Deploy your own OpenApe IdP with DNS, storage, and Passkey authentication.",1774221116104]