Agentic Authentication and OAuth
Heya,
I came across a post by Stytch's co-founder and CTO Julianna Lamb about the intersection of AI agents and authentication. After reading it, I had some thoughts about where OAuth might fit in. The entire article may be a teaser for a new Stytch feature, but nevertheless is thought provoking.
The core argument is that as AI agents become more prevalent, they'll need standardized ways to access user data. OAuth, particularly its scope system, could be the answer. If you've been following CIAM and authentication for a while, this might sound familiar. After all, OAuth 2.0 emerged as the winner for social platform data access by solving similar problems around data access and authorization.
However, OAuth's success in social login was driven by a few key factors:
security concerns of alternatives (users giving third party services credentials)
large, technically savvy implementors like Google and Facebook
clear benefits when OAuth was rolled out in terms of data stickiness and ecosystem gravity
The landscape for agent authentication looks quite different. Note, I'm setting aside the problem of how close we are to real-world agents; that's a question I'd defer to the folks at Latent Space.
Let's break down why OAuth won social login and data access first. Major platforms like Google and Facebook had the market power to push for standardization. They also had a vested interest in making their data available in a controlled way, as it expanded their reach while maintaining account security. Both developers and users benefited from a standardized approach that was more secure than the password-sharing anti-pattern that preceded it.
But when we look at agent authentication, it's a different world. Unlike the social login and data landscape, which was dominated by a few major, tech-savvy players, the potential ecosystem for agent interaction is vastly more fragmented. Many smaller organizations and applications that users would want to interact with don't even have APIs, let alone well-defined OAuth flows and scopes. This fragmentation poses a significant challenge to the adoption of OAuth to solve the agent authentication problem.
The incentive structure is also different. Organizations which benefit directly from agent interaction, such as subscription services or e-commerce stores, might be motivated to invest in making their services agent-accessible. However, ad-supported services or content-focused sites might see little immediate benefit from enabling agent access, especially given the development effort required.
In a follow-on HN discussion, Lamb mentions banking data access as an example of how this might evolve. But banking is an example that proves my points. Ignoring the fact that some regulators required API access, banks fall into that first category, where agent interaction doesn't directly hurt their revenue streams and may well enhance it.
There's also the question of standardization beyond just authentication. For agents to be truly effective, they'll need standardized ways to understand and interact with different services. If an API has an OpenAPI schema, this concern might be partially addressed, depending on the richness of that spec.
Scope definition, always tough, becomes even more complex in the context of AI agents. Traditional OAuth scopes were designed around relatively straightforward use cases like "read your email" or "post to your timeline." But what does appropriate scoping look like for an AI agent? How do you avoid sprawling scopes while still allowing agents to do that which uses want to do? How do we balance granular control with understandability, since presumably the user is still offering consent?
Looking ahead, we might see a hybrid approach emerge. Large platforms and regulated industries might lead the way with OAuth-based agent authentication with rich APIs and specs. It wouldn’t surprise me at all to read about Shopify or Magento building agent-friendly APIs, scopes and authentication.
Smaller players, in contrast, might leverage llms.txt to increase their traffic. They might do nothing, and we could see agent-controlled browsers and user credentials give access to data in a less constrained fashion. We've heard this story before; users can be careless about allowing access to their data if doing so helps them achieve their goals.
The possible rise of AI agents pushes me to rethink how applications handle authentication and authorization. While OAuth might not be the complete answer, its evolution and the lessons learned from social login and data sharing should influence whatever solutions emerge.
Thanks for reading,
Dan
P.S. If anyone reading knows Julianna Lamb, I'd love to interview her for my experts series.