workos

workos / auth.md

Public

An open protocol that lets agents register for services on behalf of users — discoverable through a Markdown file at your domain.

11
0
85% credibility
Found May 22, 2026 at 11 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
TypeScript
AI Summary

auth.md is a reference implementation of 'agentic registration' — a protocol that enables AI agents to authenticate to web services on behalf of users. The system has three moving parts: an AI agent, an agent provider that vouches for the agent's identity (like a company running AI assistants), and a service that accepts those identity assertions. It solves the common problem where agents need to access APIs but users shouldn't have to manually create and share API keys. The implementation includes working code for both the provider side (minting signed identity tokens) and the service side (verifying tokens and issuing credentials), along with two fallback flows for cases where trusted provider signatures aren't available — verified email with one-time codes, and anonymous registration with optional ownership claims.

How It Works

1
💭 You notice a problem

AI assistants hitting walls trying to access services on behalf of users — requiring people to manually create and share keys is awkward for everyone.

2
🔍 You discover a solution

Agentic registration — a protocol that lets trusted AI providers assert user identity so agents can authenticate smoothly, with user consent built in.

3
You pick your role
🏢
Identity Broker

You want to issue signed identity assertions for your agents — like OpenAI or Anthropic would do.

🏪
Service Provider

You want your service to accept agent authentications from trusted sources.

4
You run the reference implementation

A complete, working demo shows all three flows — trusted assertions, email verification, and anonymous registration — so you can see exactly how it works.

5
🔧 You build your piece

Following clear guides, you implement the endpoints for minting or verifying assertions, with full error handling and security built in.

Your system works

Agents can now authenticate on behalf of users with proper consent, and people have a real way to revoke access whenever they want.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 11 to 11 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is auth.md?

auth.md is a reference implementation of "agentic registration" -- an open protocol that lets AI agents authenticate to services on behalf of users without requiring the user to manually create API keys or sign up through a web interface. The system involves three parties: an agent acting for a user, an agent provider that mints signed identity tokens (called ID-JAGs), and a service that verifies those tokens and issues credentials. Built in TypeScript with Express, it handles three registration flows: trusted provider assertions via signed JWTs, email verification through an OTP ceremony, and anonymous self-registration for agents that start with no user identity at all.

Why is it gaining traction?

The protocol solves a real pain point: AI agents hitting walls when trying to use APIs designed to keep robots out. Instead of asking users to sign up, generate API keys, and paste them to the agent, this lets the agent discover authentication requirements through standard OAuth metadata endpoints and complete the full flow programmatically. The OTP-based claim system is particularly clever -- it handles agents that have a user email but no provider-signed assertion, bridging the gap between fully trusted and completely anonymous scenarios.

Who should use this?

Agent framework developers building tools that need to authenticate to third-party services on behalf of users. API providers who want to support agent access without requiring users to manually manage credentials. Identity providers (like AI platform vendors) who want to become the identity broker for their users' service integrations. Early adopters comfortable with implementing draft-spec protocols -- this is not production-hardened software yet.

Verdict

At 11 stars with a 0.85% credibility score, this is experimental territory. The protocol design is thoughtful and the interactive demos make the flows tangible, but there's no test suite visible and the implementation uses in-memory storage. Worth watching if you're building in the agent authentication space, but wait for a 1.0 before betting your auth stack on it.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.