The button

Sign in with Pupul

One click lets a person carry a consented, revocable read of who they are into your app. You get their word, their rhythm, the force that moves them. Verifiable offline, forever. Never how to move them.

This page is a different app. Try it. & Sign in with Pupul

You will see the consent screen on noctaracorp.com, allow it with your email and mark, and land back here holding your read. Need a read first? Take one.

What happens

  1. Your app sends the person to the Pupul consent screen with a scope.
  2. They prove the read is theirs and choose Allow. Only what they allow is released.
  3. You exchange a one-time code for a token, server-side.
  4. You verify the token offline against the public JWKS. You never call us to check it.
  5. They can revoke you at any moment from their dashboard. The token dies.
Offline-verifiable

ES256 tokens, checked against /.well-known/jwks.json. No callback to us, ever.

Consent-walled

Only the word, rhythm, force, and how to meet them are grantable. The control register never leaves the person.

Revocable

One tap at their dashboard kills every token an app holds.

Self-describing

Point an OAuth client at the discovery URL and it configures itself.

Add it in five minutes

discovery https://noctaracorp.com/.well-known/oauth-authorization-server 1. Send the person to: /api/oauth/authorize?client_id=YOUR_ID &redirect_uri=YOUR_CALLBACK &scope=word rhythm force palace &response_type=code&state=RANDOM 2. On your callback, exchange the code (server-side): POST /api/oauth/token grant_type=authorization_code code, redirect_uri, client_id, client_secret 3. Verify the returned token against the JWKS, or call /api/oauth/userinfo with the bearer token.
Want a client_id for your app? Request access.  .  Read the integration docs.  .  Honest scope: presence is a v1 confidence signal, not a calibrated biometric.