---
summary: Developer guide for using SigID with agent identity, delegated access, token exchange, wallets, and MCP server authentication.
tags:
  - developers
  - agents
  - mcp
  - delegation
categories:
  - For Developers
---

# Agent And MCP Auth

<!-- agent:page
You are a coding agent wiring SigID auth for AI agents, tool runners, or MCP servers by following this guide.
This is optional for normal user login; only proceed if the product has agents, delegated actions, tool calls, or MCP servers.
First collect: what the agent is allowed to do, the workspace or tenant it belongs to, the scopes it needs, and which subject types each backend boundary accepts (human, delegated, agent).
Implementation order:
- register or identify the agent in the workspace or tenant
- request delegated access only for the scopes actually needed
- validate agent or delegated tokens at every backend boundary: issuer, audience, tenant, expiry, scopes, subject type
- for MCP servers, require a valid bearer token on every tool call, distinguish human-triggered delegated access from autonomous agent access, and reject unknown or overbroad scopes
- log subject ID, tenant ID, tool name, request ID, and decision, never raw tokens or secrets
Keep approval, audit, and revocation paths visible to operators.
Protocol details live in reference/oauth-oidc.md (device authorization, CIBA, token exchange) and reference/claims-and-scopes.md.
-->

Use this page when an AI agent, tool runner, or MCP server needs controlled
access to APIs or tools through SigID.

This is optional for normal user login. Start here only when your product has
agents, delegated actions, tool calls, or MCP servers.

## What SigID Adds For Agents

SigID can represent agents as scoped principals. That means your backend can
distinguish:

- a human user acting directly
- an agent acting under policy
- a delegated call approved or triggered by a human
- a tool or MCP server request that must be checked before it runs

## Agent Integration Path

<!-- agent:action Wire the agent principal
Follow steps 1-6 in order: define what the agent may do, register or identify it in the workspace or tenant, request delegated access only for needed scopes, validate agent or delegated tokens at every backend boundary, and log subject ID, tenant ID, tool name, request ID, and decision.
Keep approval, audit, and revocation paths visible to operators; do not grant broad scopes for convenience.
Verify a token missing a required scope is rejected at each boundary before moving on.
-->

1. Decide what the agent is allowed to do.
2. Register or identify the agent in the workspace or tenant.
3. Request delegated access only for needed scopes.
4. Validate agent or delegated tokens at every backend boundary.
5. Log subject ID, tenant ID, tool name, request ID, and decision.
6. Keep approval, audit, and revocation paths visible to operators.

## MCP Server Pattern

<!-- agent:action Protect MCP tool calls
Guard every MCP tool call like a backend API route: require a valid bearer token and validate issuer, audience, tenant, expiry, scopes, and subject type before the tool runs.
Distinguish human-triggered delegated access from autonomous agent access, and reject unknown or overbroad scopes.
Log decisions without logging raw tokens or secrets, and verify an unauthenticated tool call is rejected.
-->

Protect MCP tool calls the same way you protect backend APIs:

- require a valid bearer token
- validate issuer, audience, tenant, expiry, scopes, and subject type
- distinguish human-triggered delegated access from autonomous agent access
- reject unknown or overbroad scopes
- log decisions without logging raw tokens or secrets

For protocol-level delegated access, see
[OAuth And OIDC](../reference/oauth-oidc.md#device-authorization-ciba-and-token-exchange).
For token details, see [Claims And Scopes](../reference/claims-and-scopes.md).

## Detailed Agent Reference

For depth beyond the integration path above, these reference pages cover each
agent surface in detail:

- [Agent Authentication](agent-auth.md) - challenge-response, client credentials,
  and agent-scoped token validation
- [Agent Registration](registration.md) - anchors, scopes, keys, and lifecycle
  webhook subscriptions
- [Delegation And Token Exchange](delegation.md) - agents acting for users or
  organizations with reduced scopes (RFC 8693)
- [Agent Wallets](wallets.md) - wallet models, signing controls, spending limits,
  and approval gates
- [MCP Server Integration](mcp.md) - requiring OAuth access tokens on MCP tool calls
- [Agent CLI](cli.md) - local key management, registration, authentication, and the
  full `sigid-cli` operator guide
