Agent And MCP Auth¶
Use this page when an AI agent, tool runner, or MCP server needs controlled access to APIs or tools through SigID.
This is optional for normal user login. Start here only when your product has agents, delegated actions, tool calls, or MCP servers.
What SigID Adds For Agents¶
SigID can represent agents as scoped principals. That means your backend can distinguish:
- a human user acting directly
- an agent acting under policy
- a delegated call approved or triggered by a human
- a tool or MCP server request that must be checked before it runs
Agent Integration Path¶
Follow steps 1-6 in order: define what the agent may do, register or identify it in the workspace or tenant, request delegated access only for needed scopes, validate agent or delegated tokens at every backend boundary, and log subject ID, tenant ID, tool name, request ID, and decision.
Keep approval, audit, and revocation paths visible to operators; do not grant broad scopes for convenience.
Verify a token missing a required scope is rejected at each boundary before moving on.
- Decide what the agent is allowed to do.
- Register or identify the agent in the workspace or tenant.
- Request delegated access only for needed scopes.
- Validate agent or delegated tokens at every backend boundary.
- Log subject ID, tenant ID, tool name, request ID, and decision.
- Keep approval, audit, and revocation paths visible to operators.
MCP Server Pattern¶
Guard every MCP tool call like a backend API route: require a valid bearer token and validate issuer, audience, tenant, expiry, scopes, and subject type before the tool runs.
Distinguish human-triggered delegated access from autonomous agent access, and reject unknown or overbroad scopes.
Log decisions without logging raw tokens or secrets, and verify an unauthenticated tool call is rejected.
Protect MCP tool calls the same way you protect backend APIs:
- require a valid bearer token
- validate issuer, audience, tenant, expiry, scopes, and subject type
- distinguish human-triggered delegated access from autonomous agent access
- reject unknown or overbroad scopes
- log decisions without logging raw tokens or secrets
For protocol-level delegated access, see OAuth And OIDC. For token details, see Claims And Scopes.
Detailed Agent Reference¶
For depth beyond the integration path above, these reference pages cover each agent surface in detail:
- Agent Authentication - challenge-response, client credentials, and agent-scoped token validation
- Agent Registration - anchors, scopes, keys, and lifecycle webhook subscriptions
- Delegation And Token Exchange - agents acting for users or organizations with reduced scopes (RFC 8693)
- Agent Wallets - wallet models, signing controls, spending limits, and approval gates
- MCP Server Integration - requiring OAuth access tokens on MCP tool calls
- Agent CLI - local key management, registration, authentication, and the
full
sigid-clioperator guide