Authorization Server Template — Agent handbook¶
Role: OAuth 2.x / OIDC issuer — clients, token endpoints, signing material, discovery/JWKS.
Pairs with: Identity Backend for user store.
Canonical spec: ConnectSoft.Documentation — Authorization Server
Agent guardrails¶
| Must | Must not |
|---|---|
| Store signing keys and client secrets via platform secret management | Hard-code private keys in repos |
| Align HangFire / SQL connection key names with configuration alignment | Drift Acceptance vs Application catalog names |
Confirm shortName with repo template.json / installer |
Assume shortName from memory |
Known alignment hotspot¶
Acceptance vs Application appsettings and HangFire keys are frequent drift points—agents proposing config changes should diff both environments.
Blueprint hints¶
oidc: true
openiddict: true
clients: [spa_public, worker_confidential]
token_format: jwt # confirm with platform
signing: certificate|dev # never commit prod certs
Topic index (agents)¶
Prioritize Authentication, Configuration, Architecture.