OAuth Isn't Enough for Agents (www.osohq.com)

A strong argument is made that OAuth’s token-based model is fundamentally ill-suited for LLM agents: tokens are limited in size (so they can’t encode fine-grained, resource- or field-level permissions), static (hard or impossible to change or revoke in real time), and opaque to the authorization server once issued (so you can’t audit or observe individual enforcement decisions). The piece warns that these limits aren’t just inconvenient — they’re dangerous. Agents often connect to many services and data sources, amplifying the attack surface (the author cites the August 2025 Drift/Salesloft OAuth token compromise as a cautionary example) and increasing the risk of large-scale data exfiltration or accidental data leakage through prompt jailbreaks. Technically, the author recommends abandoning or augmenting token-centric OAuth for agentic use cases in favor of a per-action, real-time policy engine that can evaluate complex policies (resource hierarchies, role inheritance, time- and region-based constraints, explicit denies), support on-the-fly privilege escalation and revocation, and log every authorization decision with on‑behalf‑of tracing for observability, alerts, and auditing. They propose Oso as one concrete alternative but note the solution could also be a fundamentally redesigned standard (e.g., an OAuth‑3 style rethink) — the key requirement is live, auditable, least-privilege authorization for agents.