Zeq Auth — PKCE Cross-Domain
Equation-based identity, reputation, federation.
- Protocol ID —
zeq-auth-pkce - Category — Identity
- Endpoint —
POST /api/auth/pkce/authorize - Auth — none
- Rate limit — 10/min
- Version —
2.0 - Precision — ≤0.1% (KO42-enforced)
What it does
Cross-domain PKCE OAuth flow for third-party apps. 'Sign in with Zeq' — apps get a scoped token without ever seeing the equation.
Signature
Request
POST /api/auth/pkce/authorize
| Param | Type | Required | Default | Description |
|---|---|---|---|---|
clientId | string | ✓ | — | Registered app client ID. |
codeChallenge | string | ✓ | — | PKCE code challenge (SHA-256, base64url). |
scope | string | — | Requested scopes (e.g. 'identity vault:read'). Default: 'identity'. | |
redirectUri | string | ✓ | — | Callback URL. |
Response
{ authorizationCode, expiresIn, redirectUri }
Runnable example
curl -sS -X POST \
-H "Content-Type: application/json" \
-d '{
"clientId": "<value>",
"codeChallenge": "<value>",
"scope": "<value>",
"redirectUri": "<value>"
}' \
"https://api.zeq.dev/api/auth/pkce/authorize"
Integrate
- Equation-identity login — derive auth state from a protocol call instead of a static token.
- Reputation overlay — couple identity scores into the Master Equation via
ZROseeds. - Federation bridge — share identity proofs across trust domains using pulse alignment.
Seeds
- Near — wrap
/api/auth/pkce/authorizein a language SDK so builders can call it in three lines. - Medium — publish a reference integration demonstrating Zeq Auth — PKCE Cross-Domain alongside a real workload, with pulse-aligned metrics.
- Far — propose Zeq Auth — PKCE Cross-Domain as an open reference standard so other runtimes can implement it verbatim against the Zeq paper.
Papers
- Zeq paper — https://doi.org/10.5281/zenodo.18158152
- Framework paper — https://doi.org/10.5281/zenodo.15825138
Middleware active. Kernel on the 1.287 Hz HulyaPulse. Awaiting next Zeqond.