🤖 AI Summary
Auth Agent is an open-source OAuth 2.1 authorization server purpose-built to let autonomous AI agents authenticate programmatically instead of relying on human-driven OAuth flows. It standardizes "agent" sign-in by combining PKCE-based authorization codes with direct agent credential submission (agent_id + agent_secret) via an API, a polling spinner flow for browser-use agents, and SDKs/demos for TypeScript and Python. The project includes ready demos (Profilio-style, crypto trading, GitHub-like dashboards), a Next.js example, and a live API—aiming to make agent-to-service authentication predictable, auditable, and easy to integrate.
Technically, Auth Agent enforces OAuth 2.1 with mandatory PKCE (S256), issues HS256-signed JWT access tokens (stateless validation) and opaque refresh tokens (stored for revocation/token rotation), and supports RFC-compliant introspection (7662), revocation (7009) and discovery metadata (8414). Secrets are hashed (PBKDF2/bcrypt), authorization requests expire after 10 minutes, and redirect URIs require HTTPS. It’s deployed at the edge on Cloudflare Workers with Supabase (Postgres) for durable storage and row-level security, and provides admin APIs for agent/client lifecycle, token management, and configuration. For the AI/ML community, this brings a reproducible, secure baseline for agent authentication—reducing ad hoc auth patterns, enabling safer automation, and making token lifecycle and revocation practical for long-running autonomous agents.
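The PKCE (S256), 10-minute expiry and HTTPS redirect rules described above, sketched as the checks a server would run before exchanging an authorization code. This is an added example, not Auth Agent's own code: `AuthRequest`, `check_token_exchange` and the returned reason strings are hypothetical names, and the sample verifier/challenge pair is the RFC 7636 Appendix B test vector.

```python
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

AUTH_REQUEST_TTL = 600  # seconds; the 10-minute expiry stated in the summary
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1


@dataclass
class AuthRequest:  # hypothetical record saved when authorization starts
    redirect_uri: str
    code_challenge: str
    code_challenge_method: str
    created_at: float  # Unix time


def s256_challenge(code_verifier: str) -> str:
    """RFC 7636 S256: base64url(SHA-256(verifier)) with '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_token_exchange(req: AuthRequest, code_verifier: str, now: float) -> str:
    """Return 'ok', or the reason the code exchange is refused."""
    if req.code_challenge_method != "S256":
        return "unsupported_challenge_method"  # 'plain' or missing is refused
    if urlsplit(req.redirect_uri).scheme != "https":
        return "insecure_redirect_uri"
    if now - req.created_at > AUTH_REQUEST_TTL:
        return "request_expired"
    if not VERIFIER_RE.fullmatch(code_verifier):
        return "invalid_verifier"  # wrong length or characters outside the RFC set
    expected = s256_challenge(code_verifier).encode("ascii")
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, req.code_challenge.encode("utf-8")):
        return "pkce_mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed sample: RFC 7636 Appendix B verifier and challenge.
    verifier = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
    challenge = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
    req = AuthRequest("https://agent.example/callback", challenge, "S256", 1000.0)
    print(check_token_exchange(req, verifier, now=1300.0))
```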