Give AI agents a pass,
not your master key.
Agents read your email, call your APIs, even spend your money. Hand each one a limited pass instead: only what you allow, gone in minutes, revoked in a click.
A grant in, a pass out, revoke whenever.
STEP 01
You choose what it can do
Pick exact permissions, like read my inbox but never send.
STEP 02
It gets a short-lived pass
A signed token carrying only those permissions, good for 15 minutes.
STEP 03
You cut it off anytime
Revoke one agent, or all of them. Access stops instantly.
One of these you can take back.
API key: what agents get today
- Full access to everything
- Never expires
- Can't be taken back
- No record of what it did
AgentAuth pass: what you give instead
- Only the permissions you pick
- Expires in minutes
- Revoke instantly
- Every action logged
What is AgentAuth?
AgentAuth is open-source, OAuth-style authorization for AI agents and MCP servers. It issues scoped, short-lived, revocable tokens so an agent can act on a user’s behalf without a full-access API key.
How is AgentAuth different from an API key?
An API key grants full access, never expires, and can’t be taken back. An AgentAuth token is limited to the exact scopes you approve, expires in minutes, can be revoked instantly, and every use is logged.
Does AgentAuth work with MCP servers?
Yes. AgentAuth issues and verifies scoped tokens for MCP servers and agent tools, matching the MCP OAuth-style authorization model where each call is checked against the permissions the user granted.
What are scoped, short-lived tokens?
A scoped token carries only the permissions you grant, such as email:read but not email:send. Short-lived means it expires quickly (15 minutes by default), so a leaked token stops working within minutes.
How do you revoke an AI agent’s access?
Call revoke() by token, by agent, or by user. The next request that agent makes is rejected instantly, so you can disconnect a misbehaving agent in one line.
Is AgentAuth free and open source?
Yes. AgentAuth is MIT licensed and free to use. The core has a single dependency (jose) and runs anywhere Node.js does.
See the gate in action.
A real demo: connect an agent, watch it get allowed and blocked by what you granted, then revoke it.