
Rich Authorization Requests (RAR) — Primer

Rich Authorization Requests (RFC 9396) let clients request fine‑grained, typed permissions via authorization_details instead of coarse scopes.


Why it matters

Standards reduce risk and vendor lock‑in. We implement this spec across our Studios and runtime so policy is portable.

Where it’s enforced

  • Gateway: pre‑execution gating (plan/schema pins, params/egress)
  • Shield: inline budgets/stream caps/content checks
  • PDP: decisions with constraints/obligations/TTL
  • IdP: passports, token exchange, consent/DPoP

How it works (high level)

RAR (RFC 9396) allows fine‑grained permissions via authorization_details, a JSON array in which each entry names a type and carries that type's own members. Multiple entries are allowed; the AS MUST validate types and ignore unknown members.

{
  "authorization_details": [{
    "type": "ai_agent_delegation",
    "tools": ["mcp:flights:search"],
    "locations": ["https://tools.example.com"],
    "dat": {"purpose": "travel"}
  }]
}
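The validation rule above, worked through as an added example (not code from this page or from RFC 9396): a client encodes the array into the authorization request, and the authorization server decodes it, refuses any entry whose type it does not understand, checks the members it does know, and drops the rest. The type registry, the choice of which members are required, the "ai_agent_delegation" member checks, the endpoint and client identifiers, and the second sample entry are all assumptions of this example.

```python
import json
from urllib.parse import parse_qs, urlencode, urlparse

def _str_list(value, member):
    """Member must be a non-empty array of non-empty strings."""
    if not isinstance(value, list) or not value:
        raise ValueError(f"{member} must be a non-empty array")
    if not all(isinstance(v, str) and v for v in value):
        raise ValueError(f"{member} entries must be non-empty strings")

def _absolute_uris(value, member):
    """RFC 9396 'locations' values are absolute URIs: require scheme and host."""
    _str_list(value, member)
    for uri in value:
        parts = urlparse(uri)
        if not parts.scheme or not parts.netloc:
            raise ValueError(f"{member} entry is not an absolute URI: {uri}")

def _json_object(value, member):
    if not isinstance(value, dict):
        raise ValueError(f"{member} must be a JSON object")

# Hypothetical registry of the types this AS understands: member -> (required, check).
# The type name and member names come from the page's sample request; which members
# are required is an assumption of this example, not something the page defines.
TYPE_REGISTRY = {
    "ai_agent_delegation": {
        "tools": (True, _str_list),
        "locations": (False, _absolute_uris),
        "dat": (False, _json_object),
    },
}

def validate_authorization_details(details):
    """AS-side check of a decoded authorization_details array.

    Refuses unknown types and malformed members; returns a normalized copy in
    which members the registry does not know for that type are dropped.
    """
    if not isinstance(details, list) or not details:
        raise ValueError("authorization_details must be a non-empty JSON array")
    normalized = []
    for entry in details:
        if not isinstance(entry, dict):
            raise ValueError("each authorization details entry must be a JSON object")
        type_name = entry.get("type")
        if not isinstance(type_name, str) or type_name not in TYPE_REGISTRY:
            raise ValueError(f"unknown authorization details type: {type_name!r}")
        clean = {"type": type_name}
        for member, (required, check) in TYPE_REGISTRY[type_name].items():
            if member not in entry:
                if required:
                    raise ValueError(f"{type_name} requires member {member!r}")
                continue
            check(entry[member], member)
            clean[member] = entry[member]
        normalized.append(clean)
    return normalized

def is_acceptable(details):
    """True if the AS would accept the array, False if it would refuse it."""
    try:
        validate_authorization_details(details)
        return True
    except ValueError:
        return False

def build_authorization_request(authorize_endpoint, client_id, redirect_uri, details):
    """Client side: authorization_details travels as JSON inside a URL-encoded parameter."""
    validate_authorization_details(details)  # fail early; the AS re-validates regardless
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "authorization_details": json.dumps(details, separators=(",", ":")),
    }
    return f"{authorize_endpoint}?{urlencode(params)}"

def parse_authorization_request(url):
    """AS side: pull authorization_details out of the request URL and validate it."""
    raw = parse_qs(urlparse(url).query).get("authorization_details", [])
    if len(raw) != 1:
        raise ValueError("exactly one authorization_details parameter is required")
    try:
        details = json.loads(raw[0])
    except json.JSONDecodeError as exc:
        raise ValueError(f"authorization_details is not valid JSON: {exc}") from exc
    return validate_authorization_details(details)

# Constructed sample: the page's entry plus a second entry of the same type that
# carries a member ("x-trace") the AS does not know and therefore ignores.
SAMPLE_DETAILS = [
    {"type": "ai_agent_delegation", "tools": ["mcp:flights:search"],
     "locations": ["https://tools.example.com"], "dat": {"purpose": "travel"}},
    {"type": "ai_agent_delegation", "tools": ["mcp:hotels:search"], "x-trace": "debug"},
]

if __name__ == "__main__":
    url = build_authorization_request("https://as.example.com/authorize", "agent-client",
                                      "https://app.example.com/cb", SAMPLE_DETAILS)
    for entry in parse_authorization_request(url):
        print(entry)
```

The normalized copy is what a PDP or gateway should consume: once unknown members are stripped at the AS, downstream components cannot be influenced by fields that were never validated, and an entry of a type the AS does not recognise fails the whole request rather than being silently passed through.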
