{
  "issuer": "https://www.alpha.ac",
  "jwks_uri": "https://www.alpha.ac/.well-known/jwks.json",
  "authorization_endpoint": "https://www.alpha.ac/auth",
  "token_endpoint": "https://www.alpha.ac/api/public/oauth/token",
  "response_types_supported": ["code"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256", "EdDSA"],
  "grant_types_supported": ["authorization_code", "client_credentials"],
  "scopes_supported": ["openid", "profile", "email"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "service_documentation": "https://www.alpha.ac/auth.md",
  "op_policy_uri": "https://www.alpha.ac/.well-known/jwks-rotation",
  "x-jwks-rotation-policy": "https://www.alpha.ac/.well-known/jwks-rotation",
  "x-status": "Alpha does not currently expose protected APIs requiring OIDC. The authorization_endpoint and token_endpoint URLs are reserved; partner integrations should contact hello@alpha.ac. The jwks_uri returns an empty key set until issuance keys are provisioned; rotation and expiration rules are published at /.well-known/jwks-rotation."
}