Ben McAdams

Two agent auth specs, at once

Two proposals for agent auth landed the same week — same name, same problem, different mechanisms.

Two "agent auth" proposals landed on my radar in the same week. Both use the name, both target the same problem, both come from credible camps.

  • AAuth from Dick Hardt — one of the authors of OAuth 2.0. Agents sign requests with a per-agent keypair instead of carrying bearer tokens. The framing is roughly: clients used to be written by hand, now agents assemble them at runtime, and the protocols underneath weren't built for that.
  • Agent Auth Protocol from the Better Auth team. Per-agent identities with scoped capabilities baked in — one agent gets read:accounts (last 90 days), another gets transfer:funds (≤$500). Same underlying user, different tokens, different limits.

The starting observation is identical: OAuth today issues one shared bearer per app. The server can't tell one agent instance from another, and per-call policy is impossible when authorization was frozen at consent time.

The mechanisms diverge from there. AAuth leans on cryptographic identity plus signed requests. Agent Auth Protocol leans on per-agent capability tokens with a discovery layer — see gmail.agent-auth.directory for the shape.

The bit that stands out to me is the name collision. Two credible groups landed on "agent auth" and neither seems to be backing down. Whichever shape wins, the fact that OAuth's own editor is designing a successor is probably the signal worth watching.

Filing this here. Curious which one picks up adopters first.