{"service":"c3scan-auth-broker","version":"1.1.0","phase":"Phase 2 - SSO + Browser Sessions","features":["OIDC broker with PKCE","One-time login tickets","Server-to-server ticket redemption","Browser SSO session establishment","HTTP-only session cookies","Session validation endpoint"],"endpoints":["GET  /v1/auth/start?client_key=xxx&return_to=xxx - Initiate login","GET  /v1/auth/callback?code=xxx&state=xxx - Handle OIDC callback","POST /v1/tickets/redeem - Server-to-server ticket redemption","GET  /sso/consume?ticket=xxx&redirect=xxx - Browser session establishment","GET  /v1/session/validate - Validate session cookie","POST /v1/session/logout - Clear session","GET  /health - Health check"]}