auth-md

Installation
SKILL.md

auth-md

Generate, validate, and explain the auth.md protocol — the open standard that lets AI agents register for services on behalf of users, without signup forms.


Protocol Context

auth.md is a Markdown file published at a service's root (typically https://service.com/auth.md) that instructs agents on how to register. It works simultaneously as human-readable documentation and as a discoverable runtime artifact for agents.

The protocol extends RFC 9728 (OAuth 2.0 Protected Resource Metadata) with an agent_auth block in the Authorization Server metadata. Registration returns an identity_assertion (service-signed JWT) that the agent exchanges at /oauth2/token for an access_token. Three registration methods are supported:

Flow Mechanism When to use
identity_assertion Provider signs an ID-JAG (with auth_time) asserting user identity. Service verifies JWKS, returns identity_assertion. Agent exchanges at /oauth2/token. Service does JIT provisioning from OIDC/SAML; wants zero-friction registration.
service_auth Email hint + browser-based ceremony. Agent receives user_code + verification_uri; user signs in and types code. Agent polls /oauth2/token. Agents on platforms that can't mint ID-JAGs; self-serve without trust list.
anonymous No identity upfront. Immediate identity_assertion with pre-claim scopes. Optional deferred claim for scope upgrade. Agent needs basic access immediately; human ownership binding deferred.

Protocol Endpoints

Installs
13
GitHub Stars
12
First Seen
Jun 7, 2026
auth-md — fabricioctelles/skills