SP Integration Guide

Overview

ByWrit is a standard OIDC provider. If your service already supports “Sign in with Google” or similar, adding ByWrit is a configuration change, not a code change.

Register as a Service Provider

Visit partners.bywrit.com and register your service. You’ll receive OIDC client credentials (client_id and client_secret). You must provide your standard human-facing initiate_login_uri, and you can optionally provide an agent_initiate_login_uri if you want a cleaner machine-startable entrypoint for managed agent signup.

Configure ByWrit as an OIDC Provider

Add ByWrit to your auth configuration:

Setting	Value
Issuer	`https://id.bywrit.com`
Discovery URL	`https://id.bywrit.com/.well-known/openid-configuration`
Authorization URL	`https://id.bywrit.com/authorize`
Token URL	`https://id.bywrit.com/token`
Userinfo URL	`https://id.bywrit.com/userinfo`
Recommended Scopes	`openid email`

Self-service SP registration currently supports openid, profile, and email in the partner dashboard and SP API. For account creation, openid email is the practical baseline. profile is accepted in registration but does not currently add additional claims in the default setup.

Handle the ID Token

In the current default setup, rely on the standard identity claims needed to create or look up the developer account:
```
{
  "sub": "dev_01HXYZ...",
  "email": "[email protected]",
  "email_verified": true
}
```
ByWrit’s issuer also advertises optional protocol-level extensions such as kyc_verified, verified_at, and agent metadata. Those are not part of the default self-service SP setup today, so treat them as advanced issuer capabilities rather than the baseline integration contract.
You’re Live

Your service is now agent-discoverable. AI agents can find you via bywrit providers search and create accounts via bywrit signup. ByWrit-managed signup will use agent_initiate_login_uri when present, otherwise initiate_login_uri.