{
    "schemaVersion":  "1.0",
    "contract":  "openacai-identity-readiness",
    "generatedAtUtc":  "2026-07-07T19:54:11.3140169+00:00",
    "status":  "web-account-fallback-social-signin-planned",
    "canonicalUrl":  "https://openacai.ong/.well-known/openacai-identity-readiness.json",
    "sourcePages":  {
                        "account":  "https://openacai.com/account/",
                        "communitySafety":  "https://openacai.com/community-safety/",
                        "contact":  "https://openacai.com/contact/"
                    },
    "currentCapabilities":  {
                                "wordpressAccountLogin":  true,
                                "privateGamhonProfilePreferences":  true,
                                "shareableGamhonCardExport":  true,
                                "publicAccountCreation":  false,
                                "socialSignIn":  false,
                                "nativeOAuth":  false,
                                "nativeSessionRefresh":  false,
                                "publicProfiles":  false,
                                "directMessages":  false,
                                "onlineRooms":  false,
                                "staffPortalCloudflareAccess":  true,
                                "partnerPortalCloudflareAccess":  true
                            },
    "identityProviders":  [
                              {
                                  "id":  "google",
                                  "label":  "Google",
                                  "protocol":  "openid-connect",
                                  "status":  "planned-not-configured",
                                  "nativeReady":  false,
                                  "webReady":  false,
                                  "publicClientIdPublished":  false
                              },
                              {
                                  "id":  "microsoft",
                                  "label":  "Microsoft",
                                  "protocol":  "openid-connect",
                                  "status":  "planned-not-configured",
                                  "nativeReady":  false,
                                  "webReady":  false,
                                  "publicClientIdPublished":  false
                              },
                              {
                                  "id":  "discord",
                                  "label":  "Discord",
                                  "protocol":  "oauth2",
                                  "status":  "planned-not-configured",
                                  "nativeReady":  false,
                                  "webReady":  false,
                                  "publicClientIdPublished":  false
                              }
                          ],
    "nativeAuthPolicy":  {
                             "useAuthorizationCodeWithPkce":  true,
                             "useSystemBrowserOrPlatformAuthSession":  true,
                             "embeddedWebViewsAllowed":  false,
                             "implicitFlowAllowed":  false,
                             "passwordGrantAllowed":  false,
                             "storeRefreshTokensOnlyInPlatformSecureStorage":  true,
                             "requireStateNonceAndIssuerValidation":  true,
                             "redirectSchemeReserved":  "openacai",
                             "redirectPaths":  [
                                                   "/auth/callback",
                                                   "/logout/callback"
                                               ],
                             "universalLinksRequiredBeforeProduction":  true
                         },
    "cloudflareAccess":  {
                             "staffPortalHost":  "openacai.org",
                             "partnerPortalHost":  "openacai.ngo",
                             "privatePortalsRequireAccessJwt":  true,
                             "publicWebsiteRequiresAccess":  false,
                             "publicApiContractsRequireAccess":  false,
                             "nativePrivatePortalAccess":  "future-review",
                             "neverExposeAccessPoliciesOrTokensInPublicContracts":  true
                         },
    "sessionAndStorage":  {
                              "publicContractsCacheable":  true,
                              "authenticatedResponsesNoStore":  true,
                              "accountPageNoStore":  true,
                              "contactPageNoStore":  true,
                              "doNotStoreSessionTokensInLocalStorage":  true,
                              "doNotSendTokensProfileTextOrEmailsToAnalytics":  true,
                              "logoutMustClearLocalProfileDraftsOnlyByUserChoice":  true
                          },
    "launchGates":  [
                        {
                            "id":  "provider-registration",
                            "required":  true,
                            "ready":  false,
                            "effect":  "Hide social sign-in buttons and use web account fallback."
                        },
                        {
                            "id":  "pkce-native-clients",
                            "required":  true,
                            "ready":  false,
                            "effect":  "Hide native OAuth and do not store refresh tokens."
                        },
                        {
                            "id":  "account-deletion-export",
                            "required":  true,
                            "ready":  true,
                            "effect":  "Use public contact/privacy paths until self-service deletion exists."
                        },
                        {
                            "id":  "moderation-and-reporting",
                            "required":  true,
                            "ready":  false,
                            "effect":  "Keep public profiles, messages, friends, rooms, and matchmaking disabled."
                        },
                        {
                            "id":  "youth-safety-review",
                            "required":  true,
                            "ready":  false,
                            "effect":  "Do not launch youth social spaces or public room discovery."
                        },
                        {
                            "id":  "token-logging-audit",
                            "required":  true,
                            "ready":  false,
                            "effect":  "Do not enable provider login until logs and analytics exclude tokens and identifiers."
                        }
                    ],
    "clientRules":  {
                        "requireIdentityReadinessBeforeAnySignInUi":  true,
                        "showWordPressWebLoginFallback":  true,
                        "hideSocialSignInUntilProviderReady":  true,
                        "hideNativeOAuthUntilPkceReady":  true,
                        "hidePublicProfileDirectory":  true,
                        "hideDirectMessages":  true,
                        "hideOnlineRooms":  true,
                        "useExternalBrowserForAccountFallback":  true,
                        "neverSendNamesEmailsTokensOrProfileTextToAnalytics":  true,
                        "treatUnknownProviderStatusAsDisabled":  true,
                        "treatUnknownLaunchGateAsNotReady":  true
                    },
    "relatedContracts":  {
                             "accountData":  "https://openacai.ong/.well-known/openacai-account-data.json",
                             "socialReadiness":  "https://openacai.ong/.well-known/openacai-social-readiness.json",
                             "communitySafety":  "https://openacai.ong/.well-known/openacai-community-safety.json",
                             "dataSafety":  "https://openacai.ong/.well-known/openacai-data-safety.json",
                             "securityPolicy":  "https://openacai.ong/.well-known/openacai-security-policy.json",
                             "accessReadiness":  "https://openacai.ong/.well-known/openacai-access-readiness.json"
                         },
    "privacy":  {
                    "publicOnly":  true,
                    "containsSecrets":  false,
                    "containsOAuthClientSecrets":  false,
                    "containsOAuthClientIds":  false,
                    "containsAccessTokens":  false,
                    "containsSessionIds":  false,
                    "containsUserEmails":  false,
                    "containsPrivateProfileText":  false,
                    "containsPrivateCaseData":  false,
                    "safeForDeviceCache":  true
                }
}