naftiko: 1.0.0-alpha2 info: label: OAuth 2.0 Authorization Server — Token description: 'OAuth 2.0 Authorization Server — Token. 1 operations. Lead operation: Token Endpoint. Self-contained Naftiko capability covering one Oauth business surface.' tags: - Oauth - Token created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OAUTH_API_KEY: OAUTH_API_KEY capability: consumes: - type: http namespace: token-endpoint-token baseUri: https://authorization-server.example.com description: OAuth 2.0 Authorization Server — Token business capability. Self-contained, no shared references. resources: - name: token path: /token operations: - name: requesttoken method: POST description: Token Endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true authentication: type: basic username: '{{env.OAUTH_USER}}' password: '{{env.OAUTH_PASS}}' exposes: - type: rest namespace: token-endpoint-token-rest port: 8080 description: REST adapter for OAuth 2.0 Authorization Server — Token. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/token name: token description: REST surface for token. operations: - method: POST name: requesttoken description: Token Endpoint call: token-endpoint-token.requesttoken with: body: rest.body outputParameters: - type: object mapping: $. - type: mcp namespace: token-endpoint-token-mcp port: 9090 transport: http description: MCP adapter for OAuth 2.0 Authorization Server — Token. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: token-endpoint description: Token Endpoint hints: readOnly: false destructive: false idempotent: false call: token-endpoint-token.requesttoken with: body: tools.body outputParameters: - type: object mapping: $.