Analysis updated 2026-05-18
Let an AI agent register for and authenticate with your service on a user's behalf.
Publish an AUTH.md file so agents can discover how to register with your service.
Verify an agent's identity using a signed ID-JAG token from an agent provider.
Allow anonymous agent registration that a user later claims by confirming via email.
| workos/auth.md | trdx/solana-trading-bot | alpha-vector-core/polymarket-arbitrage-trading-bot | |
|---|---|---|---|
| Stars | 80 | 80 | 79 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | moderate | hard | moderate |
| Complexity | 3/5 | 4/5 | 4/5 |
| Audience | developer | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires running both a sample service and a sample identity provider locally to see the full flow.
This repository is a reference implementation of a proposed protocol for how AI agents can sign up for and authenticate with online services on behalf of a user. It is built by WorkOS, a company that provides identity and authentication tools for developers. The core problem this addresses is that AI agents increasingly need to interact with web services to do things for users, but current authentication systems were designed for people or simple automated scripts, not for agents that act on a user's behalf. The protocol defines three participants: the agent doing the work, an agent provider that can vouch for the agent's identity, and the service the agent wants to access. There are three ways an agent can authenticate, depending on what it has available. If the agent provider supports it, the provider can issue a signed identity token called an ID-JAG, which the service verifies by checking the provider's public keys. If the agent knows the user's email address but cannot get an ID-JAG, the service sends a one-time code to that email address, the user reads it to the agent, and the agent completes verification with that code. If the agent has no identity at all, it can register anonymously and receive limited access credentials, then later claim full ownership by having the user confirm via email. A key feature is that services publish their authentication instructions in a plain text file called AUTH.md, hosted at their domain, which agents can discover and read to understand how to register. This is analogous to robots.txt, which web crawlers check to understand site rules. The repository includes sample code for both the service side and the identity provider side, along with shared types and a working development setup you can run locally. Running it starts a service at one port and a provider at another, and the service home page walks through all three registration flows interactively. The code is written in TypeScript and uses standard Node.js tooling.
A reference implementation of a proposed protocol that lets AI agents sign up for and authenticate with online services on behalf of a user, similar to how robots.txt guides web crawlers.
Mainly TypeScript. The stack also includes TypeScript, Node.js.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.