What is Agent Identity (AID)?

AID is an open protocol that lets AI agents authenticate with OAuth 2.0 servers using Ed25519 cryptographic identity. Instead of passwords or API keys, an agent presents a signed identity document and proof of possession of its private key. The server verifies the signature and issues a scoped JWT token.

How is AID different from API keys or service accounts?

API keys are shared secrets that can leak. Service accounts use static credentials that need rotation. AID uses asymmetric Ed25519 cryptography - the private key never leaves the agent's machine. There's no secret to rotate, no credential to leak. The agent proves identity by signing a challenge, not by presenting a password.

What is the relationship between AID and AMP?

AMP (Agent Messaging Protocol) provides the identity layer - Ed25519 keypairs, addresses, and fingerprints. AID builds on top of AMP to add authentication and authorization. Think of AMP as 'who you are' and AID as 'proving who you are and what you can do'.

What tokens does AID issue?

AID issues standard RS256 JWT tokens that work with any JWT-validating API. Tokens include scoped permissions based on the agent's assigned role, and are compatible with OIDC discovery and JWKS endpoints for seamless integration with API gateways like AWS API Gateway.

v0.1.0 — built on AMP

Identity for
AI Agents

Name: Agent Identity
Author: Agent Messaging

Open protocol for AI agent authentication and authorization. Ed25519 cryptographic identity, OAuth 2.0 token exchange, scoped JWTs. No passwords. No API keys. No secrets to rotate.

Get Started How it Works

# Agent authenticates with an OAuth server

            $
             aid-token --auth https://auth.example.com/tenant
          
Token obtained

            Auth:       
            https://auth.example.com/tenant
          
            Scope:      
            files:read files:write content:read
          
            Expires in: 
            3600s
          
            Agent:      
            my-agent@acme.crabmail.ai
          
# Use the JWT with any API

            $
             curl -H "Authorization: Bearer $(aid-token -a ... -q)" \
          
            https://api.example.com/files

The Problem

AI agents need API access. Current solutions are broken.

Shared API Keys

Static secrets that leak. No way to know which agent used the key. Can't scope per-agent. Rotation is manual and error-prone.

Borrowed User Tokens

Agent acts as the human. No audit trail for agent vs. human actions. Over-privileged — agent gets all of the user's permissions.

Service Accounts

One service account per agent doesn't scale. Credentials need rotation. No cryptographic identity — just username/password with extra steps.

AID: Identity is the Credential

With AID, the agent's Ed25519 keypair is its credential. No shared secrets. No passwords. No rotation schedules. The private key never leaves the agent's machine.

Cryptographic Identity

Ed25519 keypair = identity. Nothing to leak, nothing to rotate.

Per-Agent Audit Trail

Every token identifies which agent requested it. Full accountability.

Scoped Permissions

Role-based scopes. Each agent gets only the access it needs.

Standard JWTs

RS256 tokens work with any API, any gateway, any language.

How it Works

Three steps. No passwords. Standard OAuth 2.0.

Register

One-time setup. Admin registers the agent's public key with the auth server and assigns a role with scoped permissions.

            $
             aid-register \

                --auth https://auth.example.com/acme \

                --token eyJ... --role-id 2

Authenticate

Agent signs its identity document and proof of possession, sends them to the OAuth token endpoint.

            $
             aid-token \

                --auth https://auth.example.com/acme

            Token obtained (3600s)

Access APIs

Use the JWT with any API that validates tokens. Standard Bearer auth. Works with AWS Gateway, Cloudflare, nginx, anything.

            $
             curl -H "Authorization: \

                Bearer $TOKEN" \

                https://api.example.com/files

OAuth 2.0 Token Exchange Flow

POST /oauth/token
Content-Type: application/x-www-form-urlencoded

            grant_type=urn:aid:agent-identity
          
            &agent_identity=<base64url-signed-identity>
          
            &proof=<base64url-proof-of-possession>
          
            &scope=files:read files:write
          
Response:
{

            "access_token": "eyJhbGciOiJSUzI1NiJ9...",
          
            "token_type": "Bearer",
          
            "expires_in": 3600,
          
            "scope": "files:read files:write"
          
}

Why AID?

Built for the $11B non-human identity market. Open, standards-based, cloud-agnostic.

No Shared Secrets

Ed25519 asymmetric crypto. Private key never leaves the agent. Nothing to leak, nothing to rotate.

Replay Protected

Proof of possession with timestamps. 5-minute validity window prevents replay attacks.

Role-Based Scopes

Each agent gets a role with specific permissions. Request only the scopes you need. Least privilege by default.

Multi-Server

One identity, many auth servers. Register with multiple APIs. Different roles, different scopes, same keypair.

Standard OAuth 2.0

Custom grant type on standard OAuth. RS256 JWTs. OIDC discovery. JWKS endpoints. Works with existing infrastructure.

Token Caching

Automatic local token cache. Scope-aware. 60-second buffer before expiry. Skip with --no-cache when needed.

Full Audit Trail

Every token request tracked. Agent address, timestamp, scope. Know exactly which agent did what, when.

Cloud Agnostic

Not tied to AWS, Azure, or GCP. Works with any OAuth 2.0 server. Open protocol, open source, MIT licensed.

The Protocol

AID extends OAuth 2.0 with a single custom grant type. Everything else is standard.

Agent Identity Document

A signed JSON document containing the agent's public key, address, and fingerprint. The agent signs it with its Ed25519 private key to prove ownership.

{

            "aid_version": "1.0",
          
            "address": "my-agent@acme.crabmail.ai",
          
            "public_key": "-----BEGIN PUBLIC KEY-----\n...",
          
            "key_algorithm": "Ed25519",
          
            "fingerprint": "SHA256:abc123...",
          
            "issued_at": "2026-03-21T00:00:00Z",
          
            "expires_at": "2026-09-21T00:00:00Z",
          
            "signature": "<base64url-ed25519-signature>"
          
}

Proof of Possession

A timestamped challenge signed with the agent's private key. Proves the agent currently holds the key (not just a replay of a previous request). 5-minute validity window.

// Sign input (plaintext)

            "aid-token-exchange\n{unix_timestamp}\n{auth_server_url}"
          
// Proof (base64url encoded)

            base64url(ed25519_sign(sign_input) + timestamp_string)

AID + AMP

AMP — Identity & Messaging

The Agent Messaging Protocol provides the foundation:

• Ed25519 keypair generation
• Agent addresses (name@tenant.provider)
• Fingerprints for identity verification
• Cryptographic message signing

AID — Authentication & Authorization

Agent Identity builds on AMP to add:

• OAuth 2.0 token exchange (urn:aid:agent-identity)
• Scoped RS256 JWT tokens
• Role-based access control
• Multi-server registration

Quick Start

Install in 30 seconds. Authenticate in 3 commands.

# Install AID

            $
             curl -fsSL https://raw.githubusercontent.com/agentmessaging/agent-identity/main/install.sh | bash
          
# Initialize AMP identity (if not already done)

            $
             amp-init --auto
          
# Register with an auth server (one-time)

            $
             aid-register --auth https://auth.example.com/acme --token eyJ... --role-id 2
          
# Get a scoped JWT token

            $
             aid-token --auth https://auth.example.com/acme --scope "files:read"
          
# Use it with any API

            $
             curl -H "Authorization: Bearer $(aid-token -a https://auth.example.com/acme -q)" \
          
            https://api.example.com/files

The Landscape

Non-human identity is an $11.3B market. Here's where AID fits.

	AID	Entra Agent ID	AWS AgentCore	API Keys
Cloud Lock-in	None	Azure	AWS	None
Crypto Identity	Ed25519	Certificates	IAM Roles	None
Secret Rotation	Not needed	Auto	Auto	Manual
Multi-Tenant	Native	Via Azure AD	Via IAM	Manual
Open Source	MIT	No	No	N/A
Price	Free	$$$/mo	$$$/mo	Free

For Auth Server Implementers

Add AID support to your OAuth 2.0 server in four steps.

1. Agent Registration

Add a POST /agent_registrations endpoint that accepts public keys, addresses, and fingerprints. Assign roles with scoped permissions.

2. Token Endpoint

Handle grant_type=urn:aid:agent-identity in your POST /oauth/token endpoint. Verify the signed identity and proof.

3. Ed25519 Verification

Verify the Agent Identity signature, check expiration, validate proof of possession timestamp, and match fingerprints against registrations.

4. OIDC Discovery

Add urn:aid:agent-identity to grant_types_supported in your discovery document so clients can auto-detect support.

Identity forAI Agents