AAuth51
DocsWalkthroughProtocolArchitecture
Sign inOpen Console →
  • Overview
  • Agent identity
  • Intent tokens
  • Proof-of-possession
  • Grants & scopes
  • Workflows & steps
  • Delegation & chains
  • Non-amplification
  • Discovery & the trust boundary
  • MCP governance

Concepts

Concepts

The pages here explain how auth51 works and why it’s built the way it is. You don’t need them to get started, but they’re worth reading once — they’re short, and each one starts from a problem you already have.

Read them in order the first time; they build on each other.

  • Agent identity→

    What makes an agent that agent — and why identity is a fingerprint of the code, not a secret it carries.

  • Intent tokens→

    One short-lived credential per action, bound to a key the agent can’t hand over. Why a stolen one is inert.

  • Proof-of-possession (DPoP)→

    How auth51 binds a token to the process that minted it, so copying it out of a log gets you nowhere.

  • Grants & scopes→

    The ceiling on what an agent may mint — base scopes plus gated step-up scopes, enforced at mint.

  • Workflows & steps→

    Ordered plans with per-step scopes, prerequisites, and approval gates — so a run can’t skip ahead.

  • Delegation & chains→

    How a hand-off between agents is recorded, hashed into the token, and validated so the path can’t be forged.

  • Non-amplification→

    Why a delegated or fanned-out call can never end up with more authority than the one it came from.

  • Discovery & the trust boundary→

    How unregistered agents surface for review without their prompts ever entering the authority.

  • MCP governance→

    Governing what an agent can do through third-party MCP servers, tool call by tool call.

Product

  • Console
  • Walkthrough
  • Architecture

Deploy

  • Enterprise
  • Cloud

Resources

  • IETF Draft (Agentic JWT)
  • Protocol Spec
  • GitHub

Company

  • Unforge
  • Contact
AAuth51

The control plane for AI agents. Built by Unforge.