AIToday

SharkAuth – Open-source identity provider for AI agent delegation with RFC 8693 Token Exchange and DPoP

Hacker NewsMay 4, 20261 min read
SharkAuth – Open-source identity provider for AI agent delegation with RFC 8693 Token Exchange and DPoP

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. SharkAuth is a single ~29 MB static Go binary with embedded SQLite that implements OAuth 2.1 RFC 8693 Token Exchange and RFC 9449 DPoP (Demonstrating Proof-of-Possession), treating AI agents as first-class identities with cryptographically bound tokens and revocable delegation grants.

  2. The system addresses agent-to-agent delegation by issuing may_act_grants that are time-limited and hop-constrained, and binds every token to an agent's private key so that tokens stolen via prompt injection or log leak cannot be used without the key.

  3. SharkAuth ships as open-source (MIT licensed), requires zero configuration, runs with no external dependencies (no Postgres, Redis, or Docker needed), and collects only a one-time anonymous install_id ping by default with telemetry opt-out available.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →