WorkOS Releases auth.md: An Open Agent Registration Protocol Built on OAuth Standards

WorkOS has introduced auth.md, an open-source agent registration protocol designed to standardize how artificial intelligence agents authenticate and gain access to web applications. Built on established OAuth standards, the protocol addresses a critical gap in the current AI ecosystem: the lack of structured mechanisms for agents to securely register and obtain user-tied credentials without requiring human intervention at every step.

auth.md operates through a simple Markdown file that applications publish at their domain root, similar to how robots.txt guides web crawlers. This configuration file communicates essential information to AI agents, including supported registration flows, required OAuth scopes, and credential management procedures. By leveraging existing OAuth standards rather than creating entirely new authentication frameworks, auth.md maintains compatibility with established security practices while enabling seamless machine-to-application interactions.

The protocol eliminates friction in agent onboarding by providing a standardized discovery mechanism. Rather than agents attempting various authentication approaches through trial and error, they can reference the published auth.md file to understand exactly how to register and what permissions they can request on behalf of users.

• Accelerated AI Agent Adoption: Standardized registration reduces barriers to entry for AI agents accessing business applications and services
• Enhanced Security Framework: Credentials remain tied to real users, maintaining accountability and preventing unauthorized access
• Developer Efficiency: Clear specifications reduce implementation ambiguity for both application developers and AI agent creators
• Interoperability Standards: An open protocol fosters ecosystem-wide compatibility, preventing vendor lock-in scenarios
• User Control Preservation: The framework maintains user agency by ensuring agents cannot gain access without proper authorization scopes

As AI agents become increasingly prevalent in enterprise and consumer applications, establishing clear authentication standards has become essential. WorkOS's auth.md addresses infrastructure gaps that could otherwise impede AI adoption or introduce security vulnerabilities. By publishing an open protocol rather than proprietary solution, WorkOS positions itself as a standards advocate while providing immediate practical value to developers navigating the expanding AI integration landscape. This move reflects the industry's maturation, acknowledging that sustainable AI deployment requires robust, interoperable authentication frameworks.