
Authentication

Individuals authenticate with phone-based OTP via OAuth 2.1. This flow is used on ChatGPT, Claude.ai, and OpenClaw.

How it works

  1. Discovery — Client fetches OAuth server metadata:

    GET https://mcp.famasi.ai/.well-known/oauth-authorization-server
  2. Dynamic registration — Client registers with the authorisation server

  3. Authorisation — You’re redirected to authorise:

    • Enter your phone number
    • Receive an OTP via SMS
    • Enter the OTP to verify
    • Consent screen
  4. Token exchange — Authorisation code exchanged for access token

  5. Refresh — Tokens refresh automatically
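The client-side checks behind steps 1 and 3, as an added example that is not Famasi's own code: it validates a discovery document against the issuer implied by the URL above and builds a PKCE (S256) authorisation request. The metadata field names come from RFC 8414; the endpoint paths in the sample document, and the `client_id` and `redirect_uri` a caller passes in, are constructed assumptions.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit

ISSUER = "https://mcp.famasi.ai"  # issuer implied by the well-known URL above

# Constructed sample of a metadata response (RFC 8414 field names);
# the endpoint paths are assumptions, not Famasi's published values.
SAMPLE_METADATA = {
    "issuer": "https://mcp.famasi.ai",
    "authorization_endpoint": "https://mcp.famasi.ai/authorize",
    "token_endpoint": "https://mcp.famasi.ai/token",
    "registration_endpoint": "https://mcp.famasi.ai/register",
    "code_challenge_methods_supported": ["S256"],
}

def validate_metadata(meta, expected_issuer):
    """Return a list of problems; an empty list means the document is usable."""
    problems = []
    # RFC 8414 section 3.3: the issuer must equal the one used to build the URL.
    if meta.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    # registration_endpoint is required here because the flow registers dynamically.
    for key in ("authorization_endpoint", "token_endpoint", "registration_endpoint"):
        url = urlsplit(str(meta.get(key, "")))
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{key} missing or not https")
    # OAuth 2.1 requires PKCE; refuse servers that do not advertise S256.
    if "S256" not in meta.get("code_challenge_methods_supported", []):
        problems.append("PKCE S256 not advertised")
    return problems

def make_pkce_pair():
    """RFC 7636: challenge = base64url(SHA-256(verifier)), without padding."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge

def build_authorization_url(meta, client_id, redirect_uri):
    """Return (url, verifier, state); verifier and state stay on the client."""
    problems = validate_metadata(meta, ISSUER)
    if problems:
        raise ValueError("; ".join(problems))
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)  # compared against the redirect's state
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{meta['authorization_endpoint']}?{query}", verifier, state
```

The verifier is sent only in the token exchange (step 4), so an intercepted authorisation code is useless without it.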

In practice

On hosted platforms (ChatGPT, Claude.ai), the OAuth flow is handled for you. You just:

  1. Enter your phone number when prompted
  2. Enter the OTP sent to your phone
  3. Start using Famasi

If the phone number isn’t registered, the agent automatically offers to create an account using the create_patient tool.

Security

  • OTPs expire after 10 minutes
  • Tokens are refreshed automatically by the MCP server
  • No API keys or passwords to manage
  • Sessions are token-based with automatic refresh