OAuth solved human identity, JWTs solved API authentication, but neither was designed for agents.

Agents are entities that act autonomously, persist across sessions, accumulate permissions over time, and can be compromised without anyone noticing. Agent Auth is the first protocol I have read so far that treats agent identity as a first-class problem.

The Problem Nobody Has Solved … Yet

The problem has three distinct layers that are worth naming separately:

  • The attribution gap — When an agent calls your GitHub, Slack or any other API, who made the call? The answer today is “the user’s OAuth token”, but the user did not make the call. An autonomous process did, acting on the user’s behalf, probably hours after the user set up this process on their laptop or phone. If something goes wrong, e.g. a branch gets deleted on GitHub, a secret is leaked, or a loop runs away, you have no way of knowing which agent did it, when it was authorized to do it, or whether that authorization should still be valid.

  • The permission drift problem — Human OAuth flows are scoped at connection time. An agent’s permission needs change constantly: it might need a write:repo permission now and later only read:repo. Today, you either over-provision at the start or build custom permission systems that are untested, inconsistent or invisible to the service being called.

  • The lifetime problem — A human logs in, does something, logs out. An agent is created, runs indefinitely, accumulates context, and is often never explicitly revoked. Nobody has a clear answer to “when should an agent stop being trusted?”. The protocol answers this with hard lifetime ceilings, session TTLs and reactivation gates.

What Makes Agent Identity Different from Human Identity

The instinct most developers reach for when they need to authenticate an automated process is the service account with an OAuth token. It works. It ships. And it quietly becomes a liability when more than one process or person is using it, which is only noticed when things start to go wrong.

Agents don't have an interactive session - Human authentication is built on a moment of interaction: you typed in a password, you clicked a button in an authentication app, or you clicked a verifiable link. The security of the entire system then rests on the assumption that the human is present and that any actions done within the system are attributed to the authenticated user.

Well … agents break this assumption at the foundation. A webhook fires an event which invokes an agent at 3:00 AM, which then calls three APIs, does some updates in the database and shuts down, and no human was involved in any of it. This means the entire burden of proving identity should fall on cryptography, not on secrets that can be phished, sessions that can be hijacked mid-flight, or tokens that can be extracted from headers and replayed. The remaining option for an agent to offer as proof of identity is a signature made with a private key that never left the system that generated it.

Ed25519 is how Agent Auth implements it. Every host and agent generates its own keypair. The private key never moves, and the public key is registered with the server via the host. Every request the agent makes must be signed with the private key, and that signature is verified on every request. If there is no valid signature, you are not authorized. It is also important to make sure that the private key is never leaked, since a leak might lead to foreign entities working on your host. But not to worry: the protocol has agent revocation and reactivation, which essentially block the foreign entity by generating a new key pair and a new valid signature.

Agents also need a verifiable trail - cryptographic proof that a specific agent with a specific key took a specific action at a specific time with specific capabilities, which were assigned to it at a specific time. The jti claim in Agent Auth’s JWT is what makes this possible, meaning each request has a unique, non-replayable fingerprint.

The Protocol Entities and the Mental Model That Makes it Click

The document defines Servers, Clients, Hosts, Agents and Capabilities.

  • Server - the trust authority for external services. It decides who is allowed to act and what they can do with which capabilities. Capabilities are listed before authentication and can be scoped. GitHub’s Agent Auth server has 7 permissions, but only 2 were given to your agent.

  • Host - the persistent environment where agents come from. Think of it as “This agent is running from Lucy’s GitHub workstation”. The host has its own keypair and its own verification with the server. It outlives individual agents, which means you can spin up ten or more agents under the same host with tight verification.

  • Client - the protocol driver on your side. It manages keys, talks to the server and handles the authentication mechanics. One client per server connection, similar to how MCP servers do it.

  • Agent - the runtime actor. It has its own keypair, its own granted capabilities and its own lifecycle. It is registered under a host, which vouches for it to the server.

Remember, the host has the power to register, revoke or rotate the keys for agents. And the agent JWT is constrained to a 60-second TTL and scoped capabilities, and is non-replayable.
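
The request-signing flow described above (Ed25519 signatures, the jti claim, the 60-second TTL and scoped capabilities), as an added Node.js example that is not code from the Agent Auth project or from Melduo. The claim names other than jti (sub, cap, iat, exp), the registry shape and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
const MAX_TTL = 60; // seconds: the JWT lifetime ceiling the article cites
const b64u = (x) => Buffer.from(x).toString("base64url");
const deny = (reason) => ({ ok: false, reason });

// Agent side. Claim names other than jti (sub, cap, iat, exp) are assumptions.
function signAgentJwt(privateKey, agentId, capability, now) {
  const header = b64u(JSON.stringify({ alg: "EdDSA", typ: "JWT" }));
  const payload = b64u(JSON.stringify({ sub: agentId, cap: capability,
    iat: now, exp: now + MAX_TTL, jti: crypto.randomUUID() }));
  const sig = crypto.sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Server side. registry: agentId -> { publicKey, granted: Set, revoked } (hypothetical shape).
function createVerifier(registry) {
  const seenJti = new Map(); // jti -> exp; entries are dropped once the token has expired
  return function verify(token, now) {
    const [h, p, s, ...rest] = token.split(".");
    if (!s || rest.length) return deny("malformed");
    let header, claims;
    try {
      [header, claims] = [h, p].map((x) => JSON.parse(Buffer.from(x, "base64url").toString()));
    } catch { return deny("malformed"); }
    if (header?.alg !== "EdDSA") return deny("bad-alg"); // pin the algorithm
    if (typeof claims?.jti !== "string") return deny("malformed");
    const agent = registry.get(claims.sub);
    if (!agent || agent.revoked) return deny("unknown-or-revoked");
    const sig = Buffer.from(s, "base64url");
    if (!crypto.verify(null, Buffer.from(`${h}.${p}`), agent.publicKey, sig))
      return deny("bad-signature");
    if (!(claims.iat <= now && now < claims.exp) || claims.exp - claims.iat > MAX_TTL)
      return deny("expired-or-ttl-too-long");
    for (const [jti, exp] of seenJti) if (exp <= now) seenJti.delete(jti);
    if (seenJti.has(claims.jti)) return deny("replay");
    seenJti.set(claims.jti, claims.exp);
    if (!agent.granted.has(claims.cap)) return deny("capability-not-granted");
    return { ok: true, agent: claims.sub, jti: claims.jti };
  };
}

// Constructed demo: one agent granted read:repo only; the same token is sent twice.
function demo(now = 1700000000) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const verify = createVerifier(new Map([["agent-1",
    { publicKey, granted: new Set(["read:repo"]), revoked: false }]]));
  const token = signAgentJwt(privateKey, "agent-1", "read:repo", now);
  return [verify(token, now + 1).ok, verify(token, now + 2).reason];
}
console.log(demo());
```

The replay cache only has to remember a jti until its token expires, which is why a short TTL keeps it small.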

That is where Melduo comes in. It correctly implements the protocol, plus other security layers not described, so that we can create automations and workflows that act securely, with traceability and logging, while accomplishing the much-needed work agents have to do.

Melduo is still under construction as of this writing and is expected to be up for beta testing within the next month (May), for users to test out automation in their systems and improve productivity in their business or workplace.

Huge thanks to the Better-Auth team for coming up with the architecture and releasing the protocol describing how it all works. I hope you enjoyed the read and that it triggered you for the good. You can continue the read in the official docs for the Agent Auth protocol here

Thank you and have a nice day,

Brian Mwangi

Founder and AI Engineer - Melduo

Melduo.com