
Exploring AAuth for Agent IAM

Agent Auth (AAuth – pronounced “AY-awth”) is an exploratory spec for agent identity and access management from Dick Hardt, who authored OAuth 2.0 and co-authored OAuth 2.1.

Intro: Digging in to AAuth Flows

This set of resources is intended to help you understand the AAuth protocol in concrete detail. It is not a specification (see AAuth for the evolution of that). It is specifically a more detailed review of the spec with examples, produced as a result of my implementing it.

This section walks through the flows listed below with detailed header and payload examples, so that the sequence diagrams from the AAuth exploratory draft are illustrated concretely.

The source code for this section can be found on GitHub: https://github.com/christian-posta/aauth-implementation

  1. Header Web Key (HWK) for Pseudonymous Access
  2. JSON Web Key Set (JWKS) for Identified Access / Agent Identity
  3. Identified Agent Authorization
  4. User Consent with Identified Access with Authorization
  5. Authorization Token Exchange
  6. Delegated Agent Identity

Full Working Demo with Keycloak and Agentgateway (WIP)

🚧 Work in Progress: this demo section is under active development and will be available in the next few days.

This set of resources walks you through setting up and evaluating a realistic AAuth implementation with an identity provider (Keycloak), Agentgateway, and libraries that support AAuth in multiple languages (Java, Python, Rust).

The source code for this section can be found on GitHub: https://github.com/christian-posta/aauth-full-demo

  1. AAuth with Keycloak and Agentgateway
  2. Agent Identity with JWKS
  3. Agent authorization (autonomous flow)
  4. Agent authorization (user consent)
  5. Token Exchange for Auth propagation (OBO)
  6. Apply policy with Agentgateway

AAuth Implementation Resources

  1. Java Library
  2. Python Library
  3. Rust Library
  4. Keycloak AAuth SPI
  5. Agentgateway AAuth Impl
  6. Agentgateway AAuth Release