Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0

| Podcasts | January 14, 2026 | 6.53 Thousand views | 1:22:12

TL;DR

Auth0/Okta leaders Patrick Riley and Carlos Galan unveil new AI identity infrastructure including Token Vault for secure credential management and Async OAuth for human approvals, presenting a four-pillar framework to authenticate users and authorize autonomous agent actions across enterprise applications.

๐Ÿ›๏ธ Four Pillars of Agent Identity 3 insights

Comprehensive authentication framework

Auth0 structures AI identity around four requirements: agents must know user identity, call APIs on their behalf, request human confirmation for risky operations, and maintain fine-grained resource access controls.

Async OAuth for human oversight

The new CIBA (Client Initiated Backchannel Authentication) implementation enables autonomous agents to push structured approval requests to users' devices, returning access tokens only after explicit human confirmation of transactions.
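The Async OAuth exchange described above, as an added example that is not Auth0's code: a small Python simulation of the CIBA poll mode (OpenID Connect CIBA Core), with the agent's requests, the authorization server and the user's decision as separate calls. `CibaAuthServer`, the client id `trading-agent` and the scope `trade:execute` are constructed names; the parameter and error names (`auth_req_id`, `binding_message`, `authorization_pending`, `access_denied`, `expired_token`) are the ones the CIBA spec defines.

```python
import secrets
import time

# In-memory simulation of CIBA "poll" mode (OpenID Connect CIBA Core). The agent
# gets only a handle (auth_req_id) up front; the token endpoint answers
# authorization_pending until the human approves the binding message on their
# device. Constructed example, not Auth0's implementation.

AUTH_REQ_TTL = 120  # seconds a pending approval request stays valid


class CibaAuthServer:
    def __init__(self):
        self.pending = {}  # auth_req_id -> request state

    def backchannel_authenticate(self, client_id, scope, login_hint, binding_message):
        # Agent -> AS (POST /bc-authorize). No access token is issued here.
        auth_req_id = secrets.token_urlsafe(16)
        self.pending[auth_req_id] = {
            "client_id": client_id, "scope": scope, "user": login_hint,
            "binding_message": binding_message,  # shown verbatim on the user's device
            "decision": None,                    # None until the human answers
            "expires_at": time.time() + AUTH_REQ_TTL,
        }
        return {"auth_req_id": auth_req_id, "expires_in": AUTH_REQ_TTL, "interval": 5}

    def user_decides(self, auth_req_id, approve):
        # AS pushed the binding message to the user's device; the human answers.
        if auth_req_id in self.pending:
            self.pending[auth_req_id]["decision"] = bool(approve)

    def token(self, client_id, auth_req_id, now=None):
        # Agent -> AS (POST /token, grant_type=urn:openid:params:grant-type:ciba).
        now = time.time() if now is None else now
        req = self.pending.get(auth_req_id)
        if req is None or req["client_id"] != client_id:
            return {"error": "invalid_grant"}  # unknown handle or another client's handle
        if now > req["expires_at"]:
            self.pending.pop(auth_req_id)
            return {"error": "expired_token"}
        if req["decision"] is None:
            return {"error": "authorization_pending"}  # keep polling at `interval`
        self.pending.pop(auth_req_id)  # handle is single-use once answered
        if req["decision"] is False:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "scope": req["scope"], "expires_in": 300}
```

Because the binding message carries the exact action, a user who is pushed "Approve: buy 10 ACME at market" can refuse an order the agent invented, and the agent never holds a token for it.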

Enterprise governance capabilities

The architecture supports dual authorization layers where companies can restrict and monitor agent actions performed by employees, extending beyond individual user permissions to satisfy corporate security requirements.

๐Ÿ” Token Vault & MCP Infrastructure 3 insights

Token Vault product release

New feature securely persists upstream refresh tokens from providers like Google and Slack, automating token exchanges and lifecycle management so agents maintain API access without exposing credentials.

MCP server preview support

Auth0 now models Model Context Protocol servers as OAuth clients with dynamic client registration, enabling secure connections between agents and external tool servers while maintaining identity boundaries.

Framework-specific token strategies

Implementation adapts to the deployment type: short-lived access tokens for LangGraph agents calling external APIs, versus refresh tokens for traditional embedded web applications such as Next.js.

โš™๏ธ Developer Implementation 2 insights

Standardized security modeling

Auth0 treats AI agents as standard OAuth clients and APIs as resource servers, applying existing identity protocols to both interactive chatbots and fully autonomous background agents.

Workshop demonstration

Presenters built a Vercel-hosted Next.js stock trading agent demonstrating federated identity connections, showing the progression from anonymous chatbot to authenticated agent with upstream API access via Token Vault.

Bottom Line

Implement OAuth-based identity standards with CIBA (Async OAuth) for high-risk agent operations requiring human approval, and use Token Vault to securely manage upstream API credentials without exposing refresh tokens to agent environments.
