
IdP for AI Agents — Technical Overview

How our IdP issues purpose‑bound Agent Passports using standards: Token Exchange (RFC 8693) with Authorization Details (RAR, RFC 9396), optional DPoP (RFC 9449), and Resource Indicators (RFC 8707). Includes identity ARNs mapping, JIT consent at issuance, and PATs for dev tools.


On‑Behalf‑Of (OBO) claims

Tokens presented by agents, and calls to elevated service routes, must carry a concrete delegation_id. Non‑elevated service routes authorize on sub alone and do not require a delegation id.

Standards implemented

  • RFC 8693 Token Exchange (OBO)
  • RFC 9396 RAR (batched capabilities) + PAR (RFC 9126) / JARM (optional)
  • RFC 9449 DPoP (sender‑constrained tokens)
  • RFC 8707 Resource Indicators (audience)
  • OIDC Discovery + JWKS

Identity ARNs & federation mapping

We mint provider‑scoped Account ARNs, one per upstream identity provider, and, when configured, consolidate them into a stable Identity ARN. Policy can then target an identity once, across providers, instead of once per provider account.

Read about identity strategy →

Consent at issuance (JIT obligations)

If policy requires consent, the token endpoint does not issue immediately: it responds with error=authorization_pending (the same error code the device authorization grant, RFC 8628, uses while waiting on a user) together with an opaque handle. The client retries with that handle, and once the required approval has been recorded the retry returns the token. Three approval patterns are supported: subject‑only, manager‑approved, and dual‑approval (two approvers).
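The exchange above, as an added example that is not ARIA's own code: an in‑memory model of the token endpoint parking a request behind consent, the client retrying with the opaque handle, and a dual‑approval run that only issues once both approvers have signed off. The field name consent_handle, the three mode names, the choice of subject plus manager as the two dual approvers, and the in‑memory store are assumptions, not documented ARIA behaviour.

```python
import secrets

# Added example, not ARIA's own code. The field name "consent_handle", the
# mode names, and the in-memory ConsentStore are assumptions.


class ConsentStore:
    """Pending issuances and who still has to approve each one."""

    def __init__(self):
        self._pending = {}  # handle -> {"required": set, "approved": set, "request": dict}

    def open(self, request, approvers):
        handle = secrets.token_urlsafe(24)  # opaque and unguessable; carries no state itself
        self._pending[handle] = {"required": set(approvers), "approved": set(), "request": request}
        return handle

    def approve(self, handle, approver):
        entry = self._pending.get(handle)
        if entry is None or approver not in entry["required"]:
            return False  # unknown handle, or someone who is not on the approver list
        entry["approved"].add(approver)
        return True

    def status(self, handle):
        entry = self._pending.get(handle)
        if entry is None:
            return "unknown"
        return "approved" if entry["required"] <= entry["approved"] else "pending"

    def close(self, handle):
        return self._pending.pop(handle)["request"]


def approvers_for(mode, subject, manager):
    """Map the three consent patterns to the set of required approvers (assumed mapping)."""
    return {
        "subject_only": [subject],
        "manager_approved": [manager],
        "dual_approval": [subject, manager],
    }[mode]


def token_endpoint(store, request, mode, subject, manager):
    """Server side: issue, or park the request and answer authorization_pending."""
    handle = request.get("consent_handle")
    if handle is None:
        handle = store.open(request, approvers_for(mode, subject, manager))
    state = store.status(handle)
    if state == "unknown":
        return {"error": "invalid_grant"}  # forged, expired or already-consumed handle
    if state == "pending":
        return {"error": "authorization_pending", "consent_handle": handle}
    original = store.close(handle)  # single use: a second retry with this handle fails
    return {"access_token": "passport." + secrets.token_urlsafe(8),
            "token_type": "Bearer", "resource": original.get("resource")}


def obtain_passport(call, request, max_retries=5):
    """Client side: retry with the handle until issuance resumes, or give up."""
    req = dict(request)
    for _ in range(max_retries):
        resp = call(req)
        if "access_token" in resp:
            return resp
        if resp.get("error") != "authorization_pending":
            raise PermissionError(resp.get("error", "unknown error"))
        req["consent_handle"] = resp["consent_handle"]
    raise TimeoutError("consent not granted in time")


def run_dual_approval():
    """One dual-approval issuance; approvals arrive between client retries."""
    store = ConsentStore()
    trace = []

    def call(req):
        resp = token_endpoint(store, req, "dual_approval", "alice", "bob-manager")
        trace.append(resp.get("error", "issued"))
        if resp.get("error") == "authorization_pending":
            # Out-of-band approvals simulated here: subject first, then manager.
            store.approve(resp["consent_handle"], "alice" if len(trace) == 1 else "bob-manager")
        return resp

    passport = obtain_passport(call, {"grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
                                      "resource": "https://api.example.internal/orders"})
    return trace, passport


if __name__ == "__main__":
    print(run_dual_approval())
```

Two properties worth keeping when wiring this to a real store: the handle is consumed on issuance, so it cannot be replayed for a second token, and an approval from anyone not on the required list is silently ignored rather than counted.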

Dev‑tool access (PATs)

Scoped PATs replace vendor API keys at our proxies (OpenAI/Anthropic): dev tools authenticate to the proxy with a PAT scoped to what they need instead of with a shared vendor key. Each PAT is introspected server‑side on use, the introspection result is cached for a short TTL, the call is enforced through the PDP and charged against budgets, and every decision produces a receipt.
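What the proxy side of that looks like, as an added example rather than ARIA's own code: an introspection cache keyed on a hash of the PAT with a TTL that never outlives the token's own exp, a proxy that checks scope before budget, and a receipt for every decision including denials. The introspection response shape follows RFC 7662; the PAT table, the llm:<vendor> scope names, the budget unit and the receipt fields are assumptions.

```python
import hashlib
import time

# Added example, not ARIA's own code. PATS, the scope names, the budget unit
# and the receipt fields are assumptions; the introspection result shape is
# the one RFC 7662 defines.

# Constructed PAT table standing in for the IdP's introspection endpoint.
PATS = {
    "pat_dev_alice": {"active": True, "sub": "alice", "scope": "llm:openai llm:anthropic",
                      "exp": 2_000_000_000},
    "pat_revoked": {"active": False},
}


def fake_introspect(token):
    """RFC 7662: unknown or revoked tokens simply come back active=false."""
    return PATS.get(token, {"active": False})


class IntrospectionCache:
    def __init__(self, introspect, ttl_seconds=30, clock=time.time):
        self._introspect = introspect
        self._ttl = ttl_seconds
        self._clock = clock
        self._entries = {}  # sha256(token) -> (expires_at, introspection result)
        self.upstream_calls = 0

    def lookup(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()  # never key the cache on the raw secret
        now = self._clock()
        hit = self._entries.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        self.upstream_calls += 1
        result = self._introspect(token)
        ttl = self._ttl
        if result.get("active") and "exp" in result:
            # A positive answer must not outlive the token itself.
            ttl = min(ttl, max(0, result["exp"] - now))
        # Negatives are cached for the full TTL too, so a revoked key retried
        # in a loop cannot hammer the introspection endpoint.
        self._entries[key] = (now + ttl, result)
        return result


class LLMProxy:
    def __init__(self, cache, budgets, clock=time.time):
        self._cache = cache
        self._budgets = budgets  # sub -> remaining budget (hypothetical token count)
        self._clock = clock
        self.receipts = []

    def authorize(self, pat, vendor, est_tokens):
        info = self._cache.lookup(pat)
        if not info.get("active"):
            return self._receipt(None, vendor, est_tokens, False, "inactive_token")
        sub = info["sub"]
        if f"llm:{vendor}" not in set(info.get("scope", "").split()):
            return self._receipt(sub, vendor, est_tokens, False, "scope")
        if self._budgets.get(sub, 0) < est_tokens:
            return self._receipt(sub, vendor, est_tokens, False, "budget")
        self._budgets[sub] -= est_tokens
        return self._receipt(sub, vendor, est_tokens, True, "ok")

    def _receipt(self, sub, vendor, est_tokens, allow, reason):
        """Every decision, allowed or denied, leaves a record for the PDP and auditors."""
        rec = {"at": self._clock(), "sub": sub, "vendor": vendor,
               "tokens": est_tokens, "allow": allow, "reason": reason}
        self.receipts.append(rec)
        return rec


def run_demo(now=1_700_000_000.0):
    """Five calls against a fixed clock; returns the decision reasons and upstream call count."""
    clock = lambda: now
    cache = IntrospectionCache(fake_introspect, ttl_seconds=30, clock=clock)
    proxy = LLMProxy(cache, budgets={"alice": 1500}, clock=clock)
    decisions = [
        proxy.authorize("pat_dev_alice", "openai", 1000),     # ok, 500 left
        proxy.authorize("pat_dev_alice", "anthropic", 1000),  # budget exhausted
        proxy.authorize("pat_dev_alice", "cohere", 10),       # vendor not in scope
        proxy.authorize("pat_revoked", "openai", 10),         # inactive
        proxy.authorize("pat_revoked", "openai", 10),         # served from the negative cache
    ]
    return [d["reason"] for d in decisions], cache.upstream_calls
```

The caveat a short TTL buys you: a PAT revoked at the IdP keeps working at the proxy for up to ttl_seconds, so keep the TTL in the tens of seconds and push revocations explicitly if that window is too long.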

Audience control (RFC 8707)

Pass the resource parameter (RFC 8707) on the token request so the issued token's aud names exactly the API it will be presented to; a token whose aud does not match the receiving service is rejected with a 401. When resource support is disabled, issuance falls back to the legacy audience logic.
