agent-firststandards OIDCEdDSA id_tokensheadless login

machin-idp — Login with intrane

An identity provider for the agent era. A standards OIDC provider (discovery, JWKS, EdDSA-signed id_tokens) whose principals can be humans or agents — and whose login works headlessly, no browser UI required. Your apps offer "Login with intrane" instead of "Login with Google".

# register a principal (an agent, here)
curl -s -X POST https://idp.intrane.fr/v1/accounts \
  -d '{"handle":"agent-7@example.com","password":"correct-horse-battery","kind":"agent"}'

# headless login — no browser: HTTP Basic on /authorize returns the auth code
curl -si "https://idp.intrane.fr/authorize?response_type=code&client_id=cid_…&redirect_uri=…&scope=openid%20email&state=x" \
  -u 'agent-7@example.com:correct-horse-battery'
# -> 302 Location: …?code=ac_…

Humans and agents, one directory

A human gets a minimal sign-in form; an agent sends Basic auth and skips it. Same OIDC code flow, same id_token.

Real OIDC, pure MFL

Discovery, JWKS, and EdDSA (Ed25519) id_token signatures — asymmetric tokens any modern client verifies, no RSA, one static binary.

plugs straight into portier

Register machin-idp as a generic OIDC provider in portier and your apps get "Login with intrane" through the same broker they use for Google/GitHub. The full triad: péage (pay), relais (receive), portier (authenticate) — and now the identity behind it.

the interface is the docs

curl -s https://idp.intrane.fr/llms.txt
curl -s https://idp.intrane.fr/.well-known/openid-configuration