Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agent-to-agent OAuth and MCP: are IAM controls keeping up?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Agent-to-agent OAuth uses scoped, revocable tokens to let AI agents connect through MCP without sharing passwords or raw API keys, while the guide also details discovery, dynamic client registration, token validation, revocation, and policy controls, according to Stytch. The governance shift is that agent access now needs lifecycle discipline, not just authentication plumbing.

NHIMG editorial — based on content published by Stytch: Back to blog Agent-to-agent OAuth, a guide for secure AI agent connectivity with MCP Auth and identity

By the numbers:

Questions worth separating out

Q: How should security teams govern AI agents that use OAuth to access APIs?

A: Treat each agent as a distinct non-human identity with its own owner, scopes, consent record, and revocation process.

Q: Why do AI agents complicate existing IAM and access review processes?

A: Because agents can obtain and use privileges continuously, while many IAM controls assume access is stable long enough to be reviewed by a human.

Q: What do organisations get wrong about OAuth for AI agent connectivity?

A: They often treat OAuth as a login feature instead of a delegated authorisation model with lifecycle obligations.

Practitioner guidance

  • Inventory every AI agent as a governed identity Record each agent, the apps it can reach, the scopes it has, the owner responsible, and the revocation path.
  • Replace static secrets with scoped OAuth grants Eliminate API keys where an agent can use authorization code flow with PKCE, short-lived access tokens, and refresh token controls.
  • Enforce token validation on every agent call Validate issuer, audience, expiry, and scopes on each request, not just at initial login.

What's in the full article

Stytch's full guide covers the operational detail this post intentionally leaves for the source:

  • Node.js implementation examples for agent-to-agent OAuth flows with MCP.
  • Discovery, dynamic client registration, and token exchange details for connected apps.
  • Token validation, refresh, revocation, and policy enforcement guidance for production deployments.
  • Practical options for aligning agent access with admin policies and consent screens.

👉 Read Stytch's guide to agent-to-agent OAuth and MCP identity flows →

Agent-to-agent OAuth and MCP: are IAM controls keeping up?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

OAuth for AI agents is now an NHI governance problem, not just an application integration pattern. The guide is correct to frame tokens, consent, and revocation as the core trust boundary. Once an agent receives its own scoped credential, it is operating as a non-human identity with distinct lifecycle requirements. The implication is that identity programmes need one governance model for human users, service accounts, and agent-driven access paths.

A few things that frame the scale:

  • Only 5.7% of organisations have full visibility into their service accounts, according to the Ultimate Guide to NHIs.
  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.

A question worth separating out:

Q: Who is accountable when an AI agent misuses delegated access?

A: Accountability usually sits with the organisation that approved the connection, the team that owns the connected application, and the operator responsible for the agent’s lifecycle. In practice, if no one owns the scopes and revocation path, accountability is effectively absent even if the token was technically valid.

👉 Read our full editorial: Agent-to-agent OAuth and MCP change AI agent identity governance



   
ReplyQuote
Share: