One control plane for human and agent identity.
The same engine that signs a user in with OAuth 2.1 issues a workload an X.509 identity and decides whether an agent may invoke an MCP tool — one policy model, fully audited. Every capability, in depth, below.
MCP OAuth 2.1 — identity for AI agents
A fully spec-compliant OAuth 2.1 authorization server purpose-built for the Model Context Protocol. Agents like Claude Code, Cursor, and custom LLM tools register, authenticate, and get scoped access to MCP servers — with no manual API-key management.
XAA & ID-JAG — carry a user across trust boundaries
AI agents don't sit in front of a browser. An agent may call an MCP server on a user's behalf hours later — often in a different org. XAA (Extended Access Attribution) implements the Identity Assertion Authorization Grant so an agent obtains a purpose-built assertion — the ID-JAG — instead of forwarding an audience-bound user token.
AuthSec introspects the user's token, confirms the agent is approved for the target, and mints a short-lived JWT (oauth-id-jag+jwt, 5-min TTL).
POST /oauth/token grant_type = token-exchange subject_token = user's token resource = target RS URI
The target AS authenticates the agent, validates the assertion, maps the subject to a local user, applies RBAC, and mints a locally-scoped token.
POST /oauth/token grant_type = jwt-bearer assertion = the ID-JAG resource = target RS URI
M2M token issuance
For backend services, CI/CD pipelines, and automated workflows that call MCP servers with no human in the loop. Service accounts authenticate with client-credentials and receive a 1-hour native access token.
Connector Broker
A server-side proxy for AI agent tool calls. Agents never see raw credentials — AuthSec injects them server-side and returns only the redacted result. Connect a provider once via OAuth; tokens refresh and rotate automatically.
SPIFFE & workload identity
A built-in SPIRE-compatible control plane issuing X.509 and JWT workload identities — with multi-tenant isolation out of the box. Agents get cryptographic identities exchanged for short-lived, call-specific credentials.
OIDC Federation
External OIDC providers — Google, GitHub, Microsoft, and custom — for both platform- and workspace-level authentication. A three-step flow with HMAC-signed state binds workspace + application to prevent cross-tenant escalation.
SAML 2.0
Full SP-initiated SAML 2.0 for enterprise IdPs — Okta, Azure AD, Auth0. AuthSec builds the AuthnRequest, validates the XML signature and assertion conditions, extracts attributes, and completes login.
WebAuthn / Passkeys
FIDO2/WebAuthn for passwordless login and MFA — hardware keys (YubiKey), platform authenticators (Touch ID, Windows Hello), and cross-device passkeys via QR.
Access control & governance
RBAC with principals, roles, permissions (resource:action pairs), and role bindings scoped to workspaces and resource servers — plus the approval and delegation machinery that makes agent access safe.
Directory sync — SCIM, AD & Entra ID
Audit logging
Three distinct log streams, all queryable via paginated APIs. Each event records actor, action, resource, method, path, status code, old/new values, and timestamp.
SPIRE operations have a separate audit trail in spire_audit_logs.
Standards & RFCs
Secure your users, agents, and workloads.
One policy engine. Short-lived by default. Verifiable everywhere. Audited by design — and open source under Apache 2.0.