Blog & Articles
Curated articles about AAuth, agent authentication, and the thinking behind the protocol.
Christian Posta
AAuth Deep Dives
- Deep Dive AAuth — Identity and Access Management for AI Agents — Comprehensive walkthrough of the AAuth protocol.
- AAuth Full Demo — Working end-to-end demo with Keycloak, Agentgateway, Java/Python/Rust.
Agent Identity & Auth Series
- Do AI Agents Need Their Own Identity? — Whether AI agents require their own identity, separate from users.
- AI Agent Delegation — You Can’t Delegate What You Don’t Control — How agents reveal weaknesses in current auth foundations.
- Explaining OAuth Delegation, “On Behalf Of”, and Agent Identity — OAuth flows when the caller is an AI agent.
- Configuring A2A OAuth User Delegation — OAuth 2.0 token exchange and delegation walkthrough.
- Inbound Auth for Agentcore With Agentgateway — Authorization policies for agent-to-agent communication.
- Mitigate Prompt Injection Attacks With A2AS and Agentgateway — Using gateway patterns to mitigate prompt injection.
Karl McGuinness
A seven-part series on agent authority and delegation — foundational thinking behind AAuth’s design. Available in the AAuth specification repository.
- Agents Don’t Need Your Passport — Why treating agents as users fails
- From Passports to Power of Attorney — The delegation model agents actually need
- Governing the Stay — Scoping and constraining delegated authority
- Mission-Bound OAuth — Can OAuth be extended for agent missions?
- Client Context and ID JAG — Identity at the agent-gateway boundary
- Mission Architecture on AAuth — How AAuth’s mission model works
- Why Mission-Bound OAuth Might Be Wrong — Why a new protocol is needed