GenAuth
GenAuth is identity infrastructure for autonomous agents. It does not only answer how users log in. It answers how agents act on behalf of users without receiving root authority.
Core problem
Traditional OAuth was designed for human users and backend services. Agent scenarios are more complex: agents call tools, access MCP, operate webpages, and continue work across sessions. Permissions must be explicitly delegated, scoped, and audited.
GenAuth makes agents first-class participants in the authorization model.
Capabilities
| Capability | Description |
|---|---|
| Identity Gateway | Creates an identity abstraction between users, agents, MCP, and business systems |
| Delegated Authorization | Converts human authorization into expiring, scoped, and revocable agent permissions |
| MCP Hub Profiles | Provides standard profiles for connecting agents to external tools and data sources |
| Audit Trail | Records the complete chain of human, agent, time, resource, and action |
CLI workflow
GenAuth provides genauth-cli for managing user pools, applications, and OIDC scopes from the command line. Developers can use interactive commands to complete OIDC setup, while agents and CI jobs can use --json, --no-input, and environment variables for deterministic automation.
Read GenAuth CLI for installation, login, application creation, and genauth oidc setup.
Policy boundary
GenAuth defines the boundary of agent action:
- Which resources the agent can access.
- Which user the agent can represent.
- Whether the action requires secondary confirmation.
- Whether the action can be traced and reviewed.
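A minimal sketch of the four boundary questions above, combined with the expiring, scoped, revocable delegation and the audit record from the capabilities table. This is an added example, not GenAuth's code or API: the `Grant` record, the `authorize` function, the decision strings, and the sample values are all hypothetical.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Grant:
    """Hypothetical delegation record: one user lets one agent act within limits."""
    user: str
    agent: str
    scopes: frozenset                      # allowed "resource:action" pairs
    expires_at: datetime
    needs_confirmation: frozenset = frozenset()
    revoked: bool = False

def authorize(grant, audit, agent, on_behalf_of, resource, action, now, confirmed=False):
    """Deny by default; every decision, including denials, is written to the audit list."""
    scope = f"{resource}:{action}"
    if grant.revoked:
        decision = "deny:revoked"
    elif now >= grant.expires_at:
        decision = "deny:expired"
    elif agent != grant.agent or on_behalf_of != grant.user:
        decision = "deny:wrong_principal"      # which user the agent can represent
    elif scope not in grant.scopes:
        decision = "deny:out_of_scope"         # which resources the agent can access
    elif scope in grant.needs_confirmation and not confirmed:
        decision = "confirm_required"          # secondary confirmation by the human
    else:
        decision = "allow"
    audit.append({"human": on_behalf_of, "agent": agent, "time": now.isoformat(),
                  "resource": resource, "action": action, "decision": decision})
    return decision

def demo():
    """Constructed sample data: a 15-minute grant from alice to agent-7."""
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    grant = Grant("alice", "agent-7", frozenset({"calendar:read", "payments:create"}),
                  t0 + timedelta(minutes=15), frozenset({"payments:create"}))
    audit = []
    decisions = [
        authorize(grant, audit, "agent-7", "alice", "calendar", "read", t0),
        authorize(grant, audit, "agent-7", "alice", "payments", "create", t0),
        authorize(grant, audit, "agent-7", "alice", "payments", "create", t0, confirmed=True),
        authorize(grant, audit, "agent-7", "alice", "mail", "read", t0),
        authorize(grant, audit, "agent-9", "alice", "calendar", "read", t0),
        authorize(grant, audit, "agent-7", "alice", "calendar", "read", t0 + timedelta(minutes=16)),
        authorize(replace(grant, revoked=True), audit, "agent-7", "alice", "calendar", "read", t0),
    ]
    return decisions, audit

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Revocation and expiry are checked before scope so that a dead grant never reveals which scopes it once carried.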
Best fit
GenAuth is best suited for teams building agent products from day zero, enterprises upgrading existing identity systems into agentic authorization, and platforms that need MCP, Profile, and Authorization as standard capabilities.