Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0 | AI Engineer

The podcast explores identity and authorization for AI agents, focusing on a new Auth0 release with features like Token Vault and AsyncAuth. It addresses challenges of AI agents, such as new security threats and the need for fine-grained access control. The discussion highlights four pillars: AI knowing user identity, calling APIs on behalf of users, requesting user confirmation for risky actions, and ensuring fine-grained access. Token Vault is introduced as a mechanism for persisting refresh tokens and exchanging tokens for upstream services like Slack and Facebook. AsyncAuth enables agents to request user approval for operations, with users receiving notifications and granting approvals via access tokens. The presenters also touch on MCP (Management Control Plane) servers and their modeling as clients.

Outlines

Part 1: Vision and Framework

Part 2: Core Features and Mechanisms

Part 3: Implementation and Identity Integration

Part 4: Advanced Integration and Security

Sign in to continue reading, translating and more.

Continue

Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0

AI Engineer

Part 1: Vision and Framework

Identity for AI Agents: Authorizing Agents and MCP Servers

Four Pillars for AI Agent Modalities: Identity, APIs, Confirmation, and Access

Part 2: Core Features and Mechanisms

AsyncAuth: AI Requesting User Approval for Operations

Token Vault: Persisting Refresh Tokens for Upstream Resources

MCP Server as a Client: Building an Agent Next.js App

Part 3: Implementation and Identity Integration

Building a Downstream Chatbot: Adding Identity and Authentication

Adding Basic Identity: Connecting Accounts and Requesting Permissions

Portfolio Tools: Token Exchange and Scoped Permissions

Part 4: Advanced Integration and Security

MCP Integration: Securing Resources and Dynamic Registration

Async Auth Implementation: Reaching Out for User Approval

Asynchronous Authorization Features: Token Payloads and Integrations

Integrating with Cloud Code: Authentication and Accessing Tools

Identity for AI Agents - Patrick Riley & Carlos Galan, Auth0

AI Engineer

Part 1: Vision and Framework

00:20Identity for AI Agents: Authorizing Agents and MCP Servers

Identity for AI Agents: Authorizing Agents and MCP Servers

03:39Four Pillars for AI Agent Modalities: Identity, APIs, Confirmation, and Access

Four Pillars for AI Agent Modalities: Identity, APIs, Confirmation, and Access

Part 2: Core Features and Mechanisms

07:47AsyncAuth: AI Requesting User Approval for Operations

AsyncAuth: AI Requesting User Approval for Operations

10:44Token Vault: Persisting Refresh Tokens for Upstream Resources

Token Vault: Persisting Refresh Tokens for Upstream Resources

15:11MCP Server as a Client: Building an Agent Next.js App

MCP Server as a Client: Building an Agent Next.js App

Part 3: Implementation and Identity Integration

17:22Building a Downstream Chatbot: Adding Identity and Authentication

Building a Downstream Chatbot: Adding Identity and Authentication

27:32Adding Basic Identity: Connecting Accounts and Requesting Permissions

Adding Basic Identity: Connecting Accounts and Requesting Permissions

35:37Portfolio Tools: Token Exchange and Scoped Permissions

Portfolio Tools: Token Exchange and Scoped Permissions

Part 4: Advanced Integration and Security

43:35MCP Integration: Securing Resources and Dynamic Registration

MCP Integration: Securing Resources and Dynamic Registration

55:15Async Auth Implementation: Reaching Out for User Approval

Async Auth Implementation: Reaching Out for User Approval

1:00:26Asynchronous Authorization Features: Token Payloads and Integrations

Asynchronous Authorization Features: Token Payloads and Integrations

1:11:13Integrating with Cloud Code: Authentication and Accessing Tools

Integrating with Cloud Code: Authentication and Accessing Tools