Overview
Patrick Riley and Carlos Galan from Auth0 present their approach to securing AI agents through identity management. They demonstrate four key pillars for agent security: AI needs to know who you are, agents must call APIs on your behalf, agents should request confirmation for risky operations, and access should be fine-grained. The session includes a hands-on workshop building an authenticated trading agent with MCP server integration.
Key Takeaways
- Agent identity is foundational - without knowing who the user is, agents cannot apply proper security restrictions or authorization policies
- Token vault enables seamless API access - persist refresh tokens and manage token lifecycles so agents can access upstream services without repeated user authentication
- Asynchronous authorization prevents dangerous actions - implement approval workflows where agents request user confirmation for risky operations like financial transactions through push notifications
- Fine-grained scopes control agent permissions - define specific API access permissions that agents can use, preventing over-privileged access to user resources
- MCP servers can be secured as OAuth clients - Model Context Protocol servers can use dynamic client registration and OAuth flows to securely access protected resources
Topics Covered
- 0:00 - Introduction and Vision: Auth0’s vision to safely enable any technology use, new AI agent security challenges, and the four pillars approach
- 5:00 - Four Pillars of Agent Security: AI knowing user identity, calling APIs on behalf of users, requesting confirmation for risky operations, and fine-grained access control
- 9:00 - Async OAuth for Approval Workflows: Implementation of client-initiated back-channel authentication for agent approval requests
- 11:00 - Token Vault for API Access: Persisting refresh tokens, managing token lifecycles, and enabling agents to access upstream APIs securely
- 15:00 - MCP Server Integration: Modeling MCP servers as OAuth clients and implementing dynamic client registration
- 18:00 - Workshop: Building a Trading Agent: Hands-on demo building a Next.js agent with Auth0 identity, stock trading tools, and upstream API access
- 27:00 - Token Exchange Implementation: Code walkthrough of exchanging user tokens for upstream API access tokens through token vault
- 40:00 - MCP Server Authorization: Implementing OAuth flows for MCP servers, scoped permissions, and dynamic client registration
- 55:00 - Async Authorization Demo: Demonstrating approval workflows for risky operations like stock trades through push notifications
- 1:09:00 - Integration with Claude and ChatGPT: Showing MCP server integration with different AI platforms and deployment considerations