Agent Identity — OIDC and OAuth 2.1

As agents act on users' behalf, 'who is calling this API' becomes a hard question. OIDC and OAuth 2.1, together with emerging agent-identity specs (OpenID FAPI 2.0, Agent Passport proposals), let you issue each agent a verifiable identity distinct from the delegating user, scope its permissions (e.g., 'read email, no send'), and audit every call it makes and on whose behalf it was made.

Protocol facts

Sponsor: OpenID Foundation + IETF
Status: proposed
Interop with: OIDC, OAuth 2.1, Okta, Auth0, Azure AD

Frequently asked questions

Why can't the agent just use the user's token?

Because then every action — including ones the user didn't authorize — looks like the user did it. Agent identity separates 'acting user' from 'agent in execution', preserving audit trails and letting you revoke an agent without signing the user out.

What's Agent Passport?

An emerging proposal for a signed credential that proves an agent's identity, the user who delegated to it, the scopes granted, and an expiry. Multiple vendors (Auth0, Okta, Google) have aligned drafts as of 2026.

How does this interact with MCP?

MCP servers are moving to require authenticated callers via OAuth. Agent identity means the MCP server can see 'this is agent X acting for user Y with scopes Z' and enforce fine-grained authorization per call.
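The credential described in the two answers above (agent identity, delegating user, granted scopes, expiry) and the per-call check an MCP-style server would run on it, as an added example that is not code from this page or from any vendor's Agent Passport draft. The claim names, the issuer URL, the HMAC signature (a stand-in for the asymmetric signature a real issuer would use) and the tool-to-scope mapping are all constructed assumptions.

```python
"""Constructed example: an agent-passport-style credential and the checks an
MCP-style server runs before serving a call. Claim names and the HMAC
signature are assumptions, not the Agent Passport draft's wire format."""
import base64
import hashlib
import hmac
import json
import time

# Constructed shared secret. A real issuer would sign with a private key and
# publish the public key, so resource servers never hold signing material.
ISSUER_KEY = b"constructed-demo-key-do-not-use"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_passport(agent_id: str, user: str, scopes: list[str],
                   ttl: int, now: int, key: bytes = ISSUER_KEY) -> str:
    """Mint a signed credential binding agent, delegating user, scopes and expiry."""
    claims = {
        "iss": "https://idp.example",   # constructed issuer
        "sub": user,                     # the delegating user
        "agent_id": agent_id,            # identity distinct from the user
        "scope": " ".join(scopes),
        "iat": now,
        "exp": now + ttl,
    }
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_passport(token: str, now: int, key: bytes = ISSUER_KEY) -> dict:
    """Return the claims if signature and expiry hold; raise PermissionError otherwise."""
    try:
        body, sig = token.split(".")
    except ValueError:
        raise PermissionError("malformed passport")
    expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
    # Check the signature before trusting any claim in the body.
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if now >= claims["exp"]:
        raise PermissionError("passport expired")
    return claims


# Constructed mapping from MCP tool name to the scope it requires.
TOOL_SCOPES = {"email.read": "email:read", "email.send": "email:send"}

AUDIT_LOG: list[dict] = []


def handle_call(token: str, tool: str, now: int) -> bool:
    """Server-side gate: verify the passport, check the tool's scope on every
    call, and record which agent acted for which user, allowed or not."""
    required = TOOL_SCOPES[tool]
    try:
        claims = verify_passport(token, now)
    except PermissionError as exc:
        AUDIT_LOG.append({"agent": None, "user": None, "tool": tool,
                          "allowed": False, "reason": str(exc)})
        return False
    allowed = required in claims["scope"].split()
    AUDIT_LOG.append({"agent": claims["agent_id"], "user": claims["sub"],
                      "tool": tool, "allowed": allowed})
    return allowed


if __name__ == "__main__":
    t0 = int(time.time())
    tok = issue_passport("agent:mail-summarizer", "user:alice", ["email:read"], 300, t0)
    print(handle_call(tok, "email.read", t0))        # granted scope
    print(handle_call(tok, "email.send", t0))        # scope never granted
    print(handle_call(tok, "email.read", t0 + 300))  # expired
    for entry in AUDIT_LOG:
        print(entry)
```

Revoking the agent means the issuer stops renewing its passports (or the server consults a revocation list keyed on `agent_id`); the user's own session is untouched, which is the separation the first answer describes.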

Sources

  1. OAuth 2.1 draft — accessed 2026-04-20
  2. OpenID Foundation — accessed 2026-04-20