RSS

Auth.md: an open protocol for agent registration

grinich1 pts0 comments

auth.md

auth.md<br>Enable agents to register users without the sign-up form. Auth.md provides secure agent registration that any app can implement.<br>Make your app agent ready

~/projects/notes-app — opencode<br>VerifiedAgent verifiedClaimedUser claimed

Looks like your app is almost finished. What would you like to do today?<br>▸1.Deploy my app to Cloudflare▸2.Add Firecrawl scraping to my app▸3.Add auth with WorkOS AuthKit<br>Tap an option↑↓ to navigate · ↵ to select

Self-serve agent discovery<br>Publish auth.md at your domain with the flows, scopes, and endpoints an agent needs to register.

Choose the flows you support<br>Allow trusted identity assertions, OTP-based claim flows, or anonymous access.

Credentials you control<br>Issue scoped API keys or access tokens tied to users — auditable, expirable, revocable.

Get started<br>Make your app agent-ready<br>For services that want agents to register users on behalf of their customers.<br>Read the apps guide→

Become an identity provider<br>For platforms whose agents act on behalf of users.<br>Read the provider guide→

One-click enable with AuthKit<br>Get in touch to enable auth.md on your account.

Get early access→

FAQs<br>What is auth.md?A Markdown file an application hosts at its domain — typically https://yourapp.com/auth.md — that tells agents how to register on behalf of a user. It includes which flows are supported, which scopes exist, and how to register for the service. See the file format.

How does an agent register a user with my app?The agent fetches your auth.md, picks a supported flow, and either presents a verified identity assertion (agent verified flow) or walks the user through an OTP-based claim (user claimed flow). You stay in control of which flows you accept and what credentials get issued. Read the apps guide.

What's the difference between the agent verified and user claimed flows?Agent verified is agent-attested — the agent's identity provider vouches for the user, no human interaction required. User claimed is OTP-based — the agent triggers a code, the human confirms, the account is claimed. Most apps support both and let the agent pick the right one for the situation. Agent verified · User claimed.

What credentials get issued to the agent?Your service decides whether to return a scoped API key or access token tied to the user. This allows for re-use of your existing API auth methods.

Is auth.md a WorkOS only feature or an open protocol?It's open. WorkOS authors the protocol, but auth.md isn't tied to WorkOS infrastructure — it composes existing OAuth standards (Protected Resource Metadata, ID-JAG identity assertions) and any app can publish or any agent can read one with no WorkOS account required. See the protocol on GitHub.

Contact us<br>We're shaping auth.md with early adopters. Tell us what you're building, ask a question, or share feedback.<br>authmd@workos.com

agent auth user register claimed workos

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times

PopuLoRA: Co-Evolving LLM Populations for Reasoning Self- Play

AMavorParker8 ptstasks model training self populora play
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.