Episode 141 - GluuFederation/identerati-office-hours GitHub Wiki
Title: OBO OAuth: Encoding Delegation with JWTs
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Ayesha Dissanayaka, Associate Director, Architect
- Guest: Thilina Senarath, Senior Software Engineer, WSO2
Description
Engineers from WSO2 have proposed an IETF draft, "On-Behalf-Of User Authorization for AI Agents" ("OBO OAuth"), which extends standard OAuth flows to support secure delegation to AI agents. The draft introduces parameters like requested_actor and actor_token to make explicit which agent is acting, capture user consent, and record the delegation chain in issued tokens. We'll unpack how this flow addresses the gaps in existing OAuth 2.0 and Token Exchange specs, why explicit consent and auditability are critical, and what it means for real-world AI agent authorization.
Homework
Takeaways
- ⚡ This draft OAuth flow defines how AI software can present a web link to a user (a human) to authorize a client to interact with an AI agent. The client uses the resulting code to obtain a token as normal. The resulting access token should carry extra claims indicating the authorization of the AI agent. This is a very early draft, and seems more like a starting point for a conversation.
- ⚡ "Actor" was chosen instead of "Agent" because non-AI software might also find this flow useful.
- ⚡ Agent identity is asserted via a JWT, like an id_token for an AI agent. The contents of this token, and how it is obtained, are out of scope of this draft spec.
- ⚡ UX is a challenge. Will human users have to authorize every API, for every AI component? A mechanism to delegate authorization across multiple domains, for example, would be nice.
- ⚡ It's great that engineers are starting to work on the different kinds of tokens we'll need, and the flows for how to obtain them. But once that work is done, we'll still need a way to author policies. And how will human users grant not just access, but obligations and restrictions? For example: don't book the ticket unless you can notify me immediately, and I don't fly on ValueJet.
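To make the flow in the Description and the first and third takeaways concrete, here is an added worked example (not code from the draft, WSO2, or Gluu) that models all four parties: the client building an authorization request that names the agent with requested_actor, the authorization server recording consent, the token endpoint verifying the actor_token and recording the delegation in the access token, and a resource server checking that record before serving the call. Only requested_actor and actor_token come from the page; the URLs, keys, scope names, the HS256 stdlib JWT helper, and the use of an RFC 8693-style "act" claim to carry the delegation chain are assumptions made for the demo, and the draft may name its claims differently.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

# Constructed demo keys; a real AS would publish asymmetric keys via JWKS.
AS_KEY = b"as-demo-signing-key"        # authorization server's access-token key (constructed)
AGENT_IDP_KEY = b"agent-idp-demo-key"  # key of whoever issues actor tokens (assumption; out of scope of the draft)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_encode(claims: dict, key: bytes) -> str:
    """Minimal HS256 JWT signer (stdlib only) so the example runs offline."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def jwt_decode(token: str, key: bytes) -> dict:
    """Verify the signature and expiry; raise on tampering or a stale token."""
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid JWT signature")
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) < time.time():
        raise ValueError("JWT expired")
    return claims


# Step 1: the client sends the user to the AS and names the agent it wants authorized.
def build_authorization_url(client_id: str, redirect_uri: str, scope: str, requested_actor: str) -> str:
    params = {
        "response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": scope, "requested_actor": requested_actor, "state": secrets.token_urlsafe(16),
    }
    return "https://as.example/authorize?" + urlencode(params)


# Step 2: after the consent screen (which must show requested_actor), the AS binds
# user, client, scope and actor to a single-use authorization code.
_CODES: dict = {}


def issue_code_after_consent(user_sub: str, client_id: str, scope: str, requested_actor: str) -> str:
    code = secrets.token_urlsafe(24)
    _CODES[code] = {"sub": user_sub, "client_id": client_id, "scope": scope, "actor": requested_actor}
    return code


# Step 3: the token endpoint redeems the code, verifies the actor_token (the agent's
# id_token-like JWT) and refuses it unless it names the actor the user consented to.
def token_endpoint(code: str, client_id: str, actor_token: str) -> str:
    grant = _CODES.pop(code, None)  # single use
    if grant is None or grant["client_id"] != client_id:
        raise PermissionError("unknown code or client mismatch")
    actor = jwt_decode(actor_token, AGENT_IDP_KEY)
    if actor.get("sub") != grant["actor"]:
        raise PermissionError("actor_token does not match the actor the user consented to")
    now = int(time.time())
    access_claims = {
        "iss": "https://as.example", "sub": grant["sub"], "aud": "https://api.example",
        "scope": grant["scope"], "client_id": client_id, "iat": now, "exp": now + 600,
        # Delegation chain: the human is "sub", the agent acting for them is recorded in
        # "act" (borrowed from RFC 8693; the draft's own claim names are an assumption here).
        "act": {"sub": actor["sub"], "iss": actor.get("iss")},
    }
    return jwt_encode(access_claims, AS_KEY)


# Step 4: the resource server checks audience, scope and the recorded actor, and
# returns the (user, actor) pair that belongs in its audit log.
def authorize_api_call(access_token: str, required_scope: str, allowed_actors: set) -> dict:
    claims = jwt_decode(access_token, AS_KEY)
    if claims.get("aud") != "https://api.example":
        raise PermissionError("wrong audience")
    if required_scope not in claims.get("scope", "").split():
        raise PermissionError("scope not granted")
    actor = claims.get("act", {}).get("sub")
    if actor is None:
        raise PermissionError("no actor recorded in token")
    if actor not in allowed_actors:
        raise PermissionError(f"actor {actor} not allowed on this API")
    return {"user": claims["sub"], "actor": actor}


def demo() -> dict:
    """Run the whole flow with constructed values and return the audit record."""
    agent = "https://agents.example/travel-bot"
    url = build_authorization_url("client-123", "https://app.example/cb", "flights:book", agent)
    assert "requested_actor=" in url
    code = issue_code_after_consent("alice", "client-123", "flights:book", agent)
    now = int(time.time())
    actor_token = jwt_encode({"iss": "https://agents.example", "sub": agent, "exp": now + 300}, AGENT_IDP_KEY)
    access_token = token_endpoint(code, "client-123", actor_token)
    return authorize_api_call(access_token, "flights:book", {agent})


if __name__ == "__main__":
    print(demo())
```

The security-relevant check is the comparison in token_endpoint: the actor_token presented at the token endpoint must name the same actor the user saw on the consent screen, otherwise a client could obtain consent for one agent and hand the token to another. The resource server then has both the human and the agent in the token, which is what makes the delegation auditable.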