explaingit

workos/auth.md

Analysis updated 2026-05-18

80TypeScriptAudience · developerComplexity · 3/5Setup · moderate

TLDR

A reference implementation of a proposed protocol that lets AI agents sign up for and authenticate with online services on behalf of a user, similar to how robots.txt guides web crawlers.

Mindmap

mindmap
  root((auth.md))
    What it does
      Defines agent auth protocol
      Publishes AUTH.md instructions
      Sample service and provider code
    Tech stack
      TypeScript
      Node.js
    Use cases
      Let agents register for a service
      Verify agent identity via ID-JAG
      Claim ownership via email OTP
    Audience
      Developers
      Identity providers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Let an AI agent register for and authenticate with your service on a user's behalf.

USE CASE 2

Publish an AUTH.md file so agents can discover how to register with your service.

USE CASE 3

Verify an agent's identity using a signed ID-JAG token from an agent provider.

USE CASE 4

Allow anonymous agent registration that a user later claims by confirming via email.

What is it built with?

TypeScriptNode.js

How does it compare?

workos/auth.mdtrdx/solana-trading-botalpha-vector-core/polymarket-arbitrage-trading-bot
Stars808079
LanguageTypeScriptTypeScriptTypeScript
Setup difficultymoderatehardmoderate
Complexity3/54/54/5
Audiencedevelopergeneraldeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires running both a sample service and a sample identity provider locally to see the full flow.

In plain English

This repository is a reference implementation of a proposed protocol for how AI agents can sign up for and authenticate with online services on behalf of a user. It is built by WorkOS, a company that provides identity and authentication tools for developers. The core problem this addresses is that AI agents increasingly need to interact with web services to do things for users, but current authentication systems were designed for people or simple automated scripts, not for agents that act on a user's behalf. The protocol defines three participants: the agent doing the work, an agent provider that can vouch for the agent's identity, and the service the agent wants to access. There are three ways an agent can authenticate, depending on what it has available. If the agent provider supports it, the provider can issue a signed identity token called an ID-JAG, which the service verifies by checking the provider's public keys. If the agent knows the user's email address but cannot get an ID-JAG, the service sends a one-time code to that email address, the user reads it to the agent, and the agent completes verification with that code. If the agent has no identity at all, it can register anonymously and receive limited access credentials, then later claim full ownership by having the user confirm via email. A key feature is that services publish their authentication instructions in a plain text file called AUTH.md, hosted at their domain, which agents can discover and read to understand how to register. This is analogous to robots.txt, which web crawlers check to understand site rules. The repository includes sample code for both the service side and the identity provider side, along with shared types and a working development setup you can run locally. Running it starts a service at one port and a provider at another, and the service home page walks through all three registration flows interactively. The code is written in TypeScript and uses standard Node.js tooling.

Copy-paste prompts

Prompt 1
Run the local dev setup and walk me through all three agent registration flows.
Prompt 2
Explain how the ID-JAG identity assertion flow works compared to the email OTP flow.
Prompt 3
Help me write an AUTH.md file for my own service based on this repo's format.
Prompt 4
Show me how a service verifies an agent provider's signed identity token.

Frequently asked questions

What is auth.md?

A reference implementation of a proposed protocol that lets AI agents sign up for and authenticate with online services on behalf of a user, similar to how robots.txt guides web crawlers.

What language is auth.md written in?

Mainly TypeScript. The stack also includes TypeScript, Node.js.

How hard is auth.md to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is auth.md for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.