AuthSec
Now open source

Agent-first
Open Source Identity layer for Autonomous AI.

Self-host and extend the full AuthSec stack — authentication, authorization, and vault for AI agents and autonomous workloads with real-time policy enforcement.

[Diagram: AuthSec at the center, connected to SSO Providers (SAML2 / OIDC), a Voice Agent, AI Agents and MCP Servers; labels: User Authentication, Delegated Access]
Open Source

Built in the open

The full AuthSec stack — dashboard, API server, and mobile authenticator — is open source. Self-host, audit, fork, and contribute.

authsec-frontend

React 19 · Vite 6 · TypeScript

Admin dashboard with RBAC, OAuth flows, voice authentication UI, and MFA management. Built for teams deploying AuthSec on-premises.

authsec-backend

Go · Gin · PostgreSQL

Monolithic API server powering OAuth 2.1, CIBA, SPIFFE workload identity, secret vault, and adaptive MFA with Prometheus observability.

AuthsecAuthenticator

Expo 54 · React Native · TypeScript

Open-source mobile authenticator with TOTP, CIBA push approval, biometrics, and OIDC/SAML login. Reference client for the AuthSec SDK.

All repositories are MIT licensed and open for contributions.

Platform Build Modes

From Developer to Enterprise

Get started in minutes with our SDK, scale to enterprise needs seamlessly.

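# Initialize Client & Check Permission
import os
# AuthSecClient is provided by the AuthSec SDK (its import line is not shown on this page)

# Initialize
client = AuthSecClient(
    base_url='https://dev.api.authsec.dev',
    token=os.getenv('AUTHSEC_TOKEN')  # read the token from the environment, never hard-code it
)

# Check single permission (resource:action)
# (the call for this step is not shown on this page)

# List all user permissions
permissions = client.list_permissions()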

SSO

Connect with enterprise identity providers

Federated Auth

Delegate to enterprise directories

Auth Logging

Immutable audit trails for compliance

RBAC

Fine-grained permission control

Identity Primitives

Agent-first identity foundations

Authentication and authorization for users and AI agents with modern identity primitives.

Auth0 Engine
> auth login
Waiting for token...
SECURE_TOKEN

Headless sign-in

Authenticate users via voice, CLI, or agents without browser redirects using secure token flows.

Scoped Access
Sarah (User) · read:database · act:agent_admin · AI Agent · TOKEN ISSUED · Expires in 10m

Delegate trust

Users grant scoped, expiring permissions so agents can safely act on their behalf.

mTLS / SPIFFE
Service A · Service B

Agent & workload identity

Use SPIFFE, mTLS, and rotation to secure machine-to-machine communication.

Core Modules

Dual plane for AI agent and user identity

Secure users and autonomous workloads with the same policy engine, observability, and controls. No more parallel auth stacks.

OAuth2.1 for User Authentication

Native OAuth2.1 support with Authorization Code + PKCE. Issue short-lived, user-bound tokens without building custom auth flows.

User-first security · PKCE by default · Risk-based MFA
Client App: client_id: app_123 · flow: PKCE · challenge: S256(xyz)
AuthSec OAuth 2.1 Engine: PKCE Verifier · Scope Check · Consent Logic
Access Token: sub: user_123 · scope: openid profile
Zero Trust Runtime

Autonomous agent authentication with SPIFFE

AuthSec assigns AI agents and MCP servers cryptographically verifiable identities using X.509 certificates, exchanged for short-lived, call-specific JWTs to minimize blast radius.

[Diagram: AuthSec Control Plane (Identity Authority • Policy Engine • Trust Registry) above Node A and Node B; each node runs a SPIRE Agent exposing a Workload API to two AI Agents, and the nodes are linked by "Authorize (SVID) • mTLS"]

Workload Identity

Each agent is issued a unique X.509 workload identity (SPIFFE SVID) at startup.

Certificate-Based Authentication

Autonomous workloads authenticate using short-lived X.509 certificates.

mTLS with Automatic Rotation

Agents authenticate using mTLS with automatically rotated certificates.

Root CA & Vault-Backed PKI

HashiCorp Vault backs PKI issuance and rotation from a trusted Root CA.
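
Why a short-lived, call-specific JWT limits blast radius, shown as an added example that is not AuthSec's code: a token minted for one audience and one tool is useless for any other call or after expiry. The `tool` claim, key, trust domain and function names are assumptions, and HS256 stands in for the signature scheme a real deployment would use.

```python
# Added example, not AuthSec code. HS256 from the standard library stands in
# for the asymmetric signature a production token service would use.
import base64
import hashlib
import hmac
import json
import time

KEY = b"constructed-demo-key"      # constructed sample key
TRUST_DOMAIN = "example.org"       # hypothetical trust domain


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())


def mint_call_token(spiffe_id, audience, tool, ttl=60, now=None):
    """Exchange step. spiffe_id is the URI SAN of an SVID that has already
    passed mTLS verification (assumed to be done by the caller)."""
    if not spiffe_id.startswith(f"spiffe://{TRUST_DOMAIN}/"):
        raise ValueError("SVID is not from our trust domain")
    now = int(time.time()) if now is None else now
    claims = {"sub": spiffe_id, "aud": audience, "tool": tool,
              "iat": now, "exp": now + ttl}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"


def verify_call_token(token, audience, tool, now=None):
    """Resource side: return the caller's SPIFFE ID or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head, body, sig = parts
    # The algorithm is fixed here and never read from the token header.
    if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}").encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    now = int(time.time()) if now is None else now
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims["aud"] != audience or claims["tool"] != tool:
        raise ValueError("token was issued for a different call")
    return claims["sub"]
```
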

Implementation Journey

Build and deploy with AuthSec

A unified authentication and authorization platform for MCP Servers and AI Agents

Step 1

Set Up Your Account and Configure OAuth and SAML 2 SSO

Connect your identity provider (Google, GitHub, Microsoft) via OAuth 2.1 or SAML 2.0 SSO. MFA with WebAuthn/FIDO2 works out of the box. Users download and install the AuthSec app and configure single sign-on.

Step 2

Integrate MCP Servers, AI Agents, and Voice Agents

Install the AuthSec SDK to secure your MCP servers, AI agents, and voice agents. Use lightweight SDKs to give each agent a verifiable identity with just a few lines of code.

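# Create Your Secure MCP Server (server.py)
# Tool: Accessible to authenticated users
# (the tool's decorator and def line are not shown on this page;
#  what follows is the end of the tool body)
    return [{
        'type': 'text',
        # _user_info is the authenticated caller's identity found in the tool arguments
        'text': f"Hello, {arguments['_user_info']['email']}!"
    }]

# Start the server
run_mcp_server_with_oauth(
    client_id='your-client-id-here',
    app_name='My Secure MCP Server'
)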
Step 3

Implement SDK

Implement the SDK in your codebase to enable authentication and authorization. Secure communication and policy enforcement without static API keys.

Step 4

Preview

Preview voice authentication and agent auth in action. See how AuthSec protects your AI infrastructure with real-time demonstrations.

Go Live Faster

Ready to secure your users and MCP servers?

AuthSec provides enterprise-grade security with OAuth 2.1, AI agent authentication, and zero-trust architecture.

OAuth 2.1 & PKCE
MCP server authentication
AI agent workload identity
Zero-trust security posture

Get started in minutes

No infrastructure setup required

Insights

Featured Posts

Learn about authentication patterns, security best practices, and AI agent identity from our engineering team.