Episode 141 - GluuFederation/identerati-office-hours GitHub Wiki

Title: OBO OAuth: Encoding Delegation with JWTs

Channels

Description

Engineers from WSO2 have proposed an IETF draft for OAuth, "On-Behalf-Of User Authorization for AI Agents" or "OBO OAuth", which extends standard OAuth flows to support secure delegation to AI agents. The draft introduces parameters like requested_actor and actor_token to make explicit which agent is acting, capture user consent, and record the delegation chain in issued tokens. We'll unpack how this flow addresses the gaps in the existing OAuth 2.0 and Token Exchange specs, why explicit consent and auditability are critical, and what it means for real-world AI agent authorization.

Homework

Takeaways

TBD

Livestream Audio Archive

Will be Here