
Agent Auth

An open standard for AI agent authentication, providing identity, scoped capability-based authorization, and service discovery for autonomous and delegated agents.

About

The Agent Auth Protocol is an open-source standard designed to address the unique authentication and authorization challenges posed by AI agents. Unlike traditional web models that assume a human user and a static application, this protocol treats runtime AI agents as first-class principals with their own distinct identities, cryptographic credentials, scoped capabilities, and independent lifecycles. Created and maintained by the Better Auth team, it provides a comprehensive framework for agent-based service interaction that ensures clear attribution, granular permission control, and secure authorization.

The protocol defines three core participants: the Agent, the Client, and the Server. The Agent is the runtime AI actor that needs to perform tasks; the Client acts as a bridge, exposing protocol tools to the agent, managing cryptographic keys, and coordinating communication with servers; and the Server is the authorization authority that handles service discovery, agent registration, user approvals, and JWT verification. By decoupling the agent's identity from both the user's session and the hosting application, the protocol enables secure, audited, and revocable interactions between AI agents and external services.

Some of the key features are:

  • Per-Agent Identity: Every agent is issued its own unique identity and Ed25519 cryptographic keypair, ensuring distinct traceability and isolation.
  • Scoped Capabilities: Agents are granted access only to the specific functions they require, often with fine-grained input constraints to limit potential abuse.
  • Independent Lifecycle: Agents maintain their own status—active, pending, expired, or revoked—allowing administrators to manage or terminate individual agents without affecting others.
  • Discovery Standard: The protocol defines a well-known endpoint and directory structure, enabling agents to automatically discover service capabilities and authentication requirements.
  • Secure Approval Flows: It utilizes standard user-consent mechanisms like device authorization (RFC 8628) and CIBA to handle human-in-the-loop approvals when required.
  • JWT-Based Authentication: Agents authenticate using short-lived, signed JSON Web Tokens (JWTs) tied to their identity, providing a robust security foundation.
  • Extensible Architecture: The specification is designed to work alongside existing standards like OAuth 2.0 and MCP, providing a cohesive layer for agent-based operations.

Operationally, the Agent Auth workflow begins with client-side discovery of a service's configuration. Once a provider is identified, the client registers the agent with the server by signing a Host JWT. If the agent's requested capabilities fall within the host's default policies, it may be auto-approved; otherwise, an approval flow is triggered. Once active, the agent performs tasks by invoking capabilities through the client, which signs short-lived Agent JWTs for every request. These tokens are verified by the server or a resource server to ensure that the agent possesses the required permissions and complies with any specified constraints before execution.
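
The server-side check described above, as an added Node.js example (not code from the Agent Auth specification or the Better Auth project): the client signs a short-lived EdDSA JWT, and the server verifies signature, lifetime, agent status, capability and input constraints. The claim names, the registry layout and the `max` constraint format are assumptions made for illustration.

```javascript
// Added example: claim names (sub, iat, exp), the registry shape and the
// "max" constraint format are assumptions, not the Agent Auth wire format.
const nodeCrypto = require('node:crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');

// Client side: sign a short-lived Agent JWT with the agent's Ed25519 key.
function signAgentJwt(privateKey, claims, ttlSeconds, now) {
  const header = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = nodeCrypto.sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Server side: every failure path denies; grants come from the server's own
// registry, never from the token.
function verifyAgentJwt(token, registry, request, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header?.alg !== 'EdDSA') return { ok: false, reason: 'bad_alg' };
  const agent = registry.get(claims?.sub);
  if (!agent) return { ok: false, reason: 'unknown_agent' };
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!nodeCrypto.verify(null, signed, agent.publicKey, Buffer.from(parts[2], 'base64url')))
    return { ok: false, reason: 'bad_signature' };
  if (agent.status !== 'active') return { ok: false, reason: `agent_${agent.status}` };
  if (typeof claims.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  const grant = agent.capabilities[request.capability];
  if (!grant) return { ok: false, reason: 'capability_not_granted' };
  // A missing or non-numeric argument fails the comparison, so it is denied.
  for (const [arg, max] of Object.entries(grant.max || {}))
    if (!(request.args?.[arg] <= max)) return { ok: false, reason: `constraint_${arg}` };
  return { ok: true, agent: claims.sub };
}

// Constructed demo: one agent allowed to read at most 7 days of calendar.
const agentKeys = nodeCrypto.generateKeyPairSync('ed25519');
const registry = new Map([['agent-1', { publicKey: agentKeys.publicKey, status: 'active',
  capabilities: { 'calendar.read': { max: { days: 7 } } } }]]);
const now = Math.floor(Date.now() / 1000);
const token = signAgentJwt(agentKeys.privateKey, { sub: 'agent-1' }, 60, now);
console.log(verifyAgentJwt(token, registry, { capability: 'calendar.read', args: { days: 3 } }, now));
console.log(verifyAgentJwt(token, registry, { capability: 'calendar.read', args: { days: 30 } }, now));
```

Because status is looked up in the registry on every request, marking one agent revoked takes effect immediately, even for tokens that have not yet expired.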

Some common use cases include:

  • Delegated Copilots: Enabling an AI assistant to act on behalf of a user to perform actions like reading emails or managing calendar invites with specific, scoped permissions.
  • Autonomous Background Workers: Facilitating scheduled automations or service-to-service tasks that operate without direct human intervention, using server-defined policies for authorization.
  • Tool-Calling Ecosystems: Allowing AI agents in diverse environments—such as IDE copilots or CLI tools—to programmatically connect to and use external APIs without requiring manual configuration or credential sharing.
  • Multi-Agent Governance: Providing administrators with an audit trail to track activity by specific agent instances and revoke compromised agents individually.