# auth.md — Agent Registration for Salat Time

This document describes how autonomous agents authenticate, register, and access prayer-time data from Salat Time (https://salat.top). Salat Time provides read-only access to public prayer-time and mosque information for Portugal.

## Audience

This file is intended for AI agents and developer tooling that needs to discover and consume salat.top data programmatically.

## Registration

**Method: Public Access (no registration, no credentials)**

Salat.top exposes all prayer data without authentication. There is no rate limiting, account creation, or access control for public endpoints. Agents can begin fetching data immediately — there are no credentials to register.

- **Register URI**: https://salat.top/auth.md (this document)
- **Skill URI**: https://salat.top/auth.md
- **Supported identity types**: `public`, `anonymous`, `identity_assertion`
- **Credential types**: `none`

## Service Metadata

- **Protected Resource Metadata**: https://salat.top/.well-known/oauth-protected-resource
- **Authorization Server Metadata**: https://salat.top/.well-known/oauth-authorization-server
- **OpenID Configuration**: https://salat.top/.well-known/openid-configuration
- **HTTP Message Signatures Directory**: https://salat.top/.well-known/http-message-signatures-directory
- **API Catalog**: https://salat.top/.well-known/api-catalog
- **Agent Skills Index**: https://salat.top/.well-known/agent-skills/index.json
- **MCP Server Card**: https://salat.top/.well-known/mcp/server-card.json
- **DNS for AI Discovery**: https://salat.top/.well-known/dns-aid

## Data Discovery

- **LLMs.txt Index**: https://salat.top/llms.txt
- **Markdown Homepage**: https://salat.top/index.md
- **Sitemap**: https://salat.top/sitemap.xml

## Credential Management

Salat.top issues no credentials today, but the metadata below is published so that future identity flows can be advertised in place without a schema change.

| Action | Endpoint |
| --- | --- |
| Claim (link identity) | `claim_uri`: https://salat.top/auth.md#claim |
| Revoke (unlink identity) | `revocation_uri`: https://salat.top/auth.md#revoke |

The `events_supported` array on the authorization server includes `credential.revocation` so that identity providers can publish revocation telemetry to agents.

## Supported Capabilities

- Read-only access to public prayer-time information
- Mosque directory with location and contact data
- Real-time prayer and iqama times for 50+ mosques in Portugal
- Monthly PDF prayer timetables
- Machine-readable structured data via `llms.txt` and markdown pages
- DNS-based agent discovery via `_agents.salat.top` SVCB/HTTPS records

## YAML Summary

```yaml
agent_auth:
  skill: https://salat.top/auth.md
  register_uri: https://salat.top/auth.md
  supported_identity_types:
    - public
    - anonymous
    - identity_assertion
  credential_types:
    - none
  identity_assertion:
    assertion_types_supported:
      - urn:ietf:params:oauth:token-type:id-jag
      - verified_email
    credential_types_supported:
      - identity_assertion
      - id-jag
      - verified_email
  anonymous:
    credential_types_supported:
      - none
  claim_uri: https://salat.top/auth.md#claim
  revocation_uri: https://salat.top/auth.md#revoke
  description: >
    All prayer-time data on salat.top is publicly accessible.
    No registration, API key, or authentication is required.
    Agents should use the discovery documents below to locate
    data endpoints and machine-readable resources.
```
