authos-identity-configurationlisted

# AuthOS Identity Configuration ## Public AuthOS Links Use these public AuthOS links when producing user-facing setup or troubleshooting guidance: - Main site: https://authos.dev/ - Documentation: https://authos.dev/docs/ - AI Agent Skills guide: https://authos.dev/docs/ai-agent-skills/ - AuthOS source repository: https://github.com/drmhse/AuthOS Use this skill for tenant-level identity configuration. Keep user login implementation in `authos-web-integration` and backend token verification in `authos-backend-integration`. ## Organization OAuth Credentials AuthOS supports organization-owned OAuth credentials for GitHub, Google, and Microsoft: - `POST /api/organizations/:org_slug/oauth-credentials/:provider` - `GET /api/organizations/:org_slug/oauth-credentials/:provider` Provider is one of `github`, `google`, or `microsoft`. Use the AuthOS API callback as the provider redirect target: - Service/provider callback: `https://<authos-api>/auth/:provider/callback` - Platform admin callback: `https://<authos-api>/auth/admin/:provider/callback` Secrets are encrypted when `ENCRYPTION_KEY` is configured. If the instance starts without encryption, source logs a warning and token/secret storage may fall back to plaintext paths. ## Upstream Enterprise Providers Enterprise SSO is modeled as upstream providers and domain routes: - `GET/POST /api/organizations/:org_slug/upstream-providers` - `DELETE /api/organizations/:org_slug/upstream-providers/:provider_id` - `GET/POST /api/