Tools / OAuth discovery checker
OAuth discovery checker
Probe OAuth and protected-resource metadata so authenticated future agent workflows can discover authorization boundaries safely.
Selected check · PROTO-005-4 pts
What this checks
Authorization server
Checks OAuth authorization metadata.
Protected resource
Checks resource metadata.
API context
Only matters strongly when API surfaces exist.
Auth clarity
Separates public and authenticated actions.
FAQ
- When does OAuth discovery matter?
- It matters when a public site exposes authenticated APIs or protected resources and agents need a stable way to find authorization-server or resource metadata.
- Does missing OAuth metadata hurt every site?
- No. Agent Web Check weighs OAuth discovery when API or authenticated-resource signals are present, or when OAuth well-known paths are intentionally published.
- Does this checker perform a login flow?
- No. It only checks public metadata discovery. It does not collect credentials, open sessions, request tokens, or test private account workflows.
- Which files should API teams consider?
- Start with well-known OAuth authorization-server metadata and protected-resource metadata where authenticated APIs exist, then link them from public developer documentation.