OAuth discovery for AI agents: authentication of the future
Why AI agents need authentication
As AI agents perform more tasks independently, the need for secure authentication grows. An AI agent that books a flight, places an order or requests access to protected data on your behalf needs to identify itself and obtain authorization. Traditional authentication methods such as username and password are unsuitable for this: you do not want to share login credentials with an AI agent.
OAuth 2.0 has been the standard for delegated authorization on the web for years. It makes it possible to give an application limited access to your account without sharing your password. For AI agents, OAuth is becoming increasingly relevant, but with an important addition: discovery. The agent must be able to independently discover how and where to request authorization.
OAuth discovery is the security layer that, together with MCP servers, forms the foundation for secure agent interaction. While MCP defines what an agent can do, OAuth determines who is allowed to do it and under what conditions. It is an essential part of the agent-ready stack alongside your robots.txt configuration.
OAuth Authorization Server Metadata
The foundation of OAuth discovery is the Authorization Server Metadata document, defined in RFC 8414. This JSON document describes all endpoints and capabilities of your OAuth server and is available at a standardized location. AI agents can automatically retrieve this document to understand how to request authorization.
// Location: /.well-known/oauth-authorization-server
// Content-Type: application/json
{
"issuer": "https://auth.example.com",
"authorization_endpoint": "https://auth.example.com/authorize",
"token_endpoint": "https://auth.example.com/token",
"registration_endpoint": "https://auth.example.com/register",
"scopes_supported": [
"read:profile",
"read:products",
"write:orders",
"read:scan-results"
],
"response_types_supported": [
"code"
],
"grant_types_supported": [
"authorization_code",
"client_credentials"
],
"token_endpoint_auth_methods_supported": [
"client_secret_basic",
"client_secret_post"
],
"code_challenge_methods_supported": [
"S256"
]
}Key fields explained
Each field in the metadata document plays a specific role in the discovery process. The issuer field uniquely identifies the authorization server. The endpoints tell the agent where to send authorization requests and token requests. The registration_endpoint is particularly interesting for AI agents: it enables dynamic client registration, allowing an agent to register itself without human intervention.
Dive deeper: MCP Servers: how AI agents communicate with your website | A2A protocol: agent-to-agent communication | Security headers that build AI trust
OAuth Protected Resource Metadata
In addition to the Authorization Server Metadata, there is also the Protected Resource Metadata (RFC 9728). This document describes the protected resource itself and tells AI agents which authorization server to use and which scopes are needed to gain access.
// Location: /.well-known/oauth-protected-resource
// Content-Type: application/json
{
"resource": "https://api.example.com",
"authorization_servers": [
"https://auth.example.com"
],
"scopes_supported": [
"read:products",
"write:orders"
],
"bearer_methods_supported": [
"header"
],
"resource_documentation": "https://api.example.com/docs"
}- The resource field identifies the API or service that is protected.
- authorization_servers refers to the OAuth server that issues tokens for this resource.
- scopes_supported tells which permissions are available.
- bearer_methods_supported indicates how the access token should be sent (header, body or query).
- resource_documentation links to the API documentation for the agent.
The discovery flow for AI agents
When an AI agent wants to access a protected resource, it follows a standardized discovery flow. This process runs fully automatically without human intervention, except for the authorization step where the user grants permission.
- The agent tries to access a protected resource and receives a 401 Unauthorized response.
- The agent retrieves the Protected Resource Metadata via /.well-known/oauth-protected-resource.
- From this document, the agent reads which authorization server to use.
- The agent retrieves the Authorization Server Metadata via /.well-known/oauth-authorization-server.
- The agent registers itself as a client via the registration_endpoint (dynamic client registration).
- The agent initiates an OAuth authorization flow and asks the user for permission.
- After permission is granted, the agent receives an access token to access the protected resource.
Visual representation of the flow
AI-Agent Resource Server Auth Server
| | |
|--- GET /api/data ----------->| |
|<-- 401 Unauthorized ---------| |
| | |
|--- GET /.well-known/oauth-protected-resource ---------->|
|<-- Protected Resource Metadata -------------------------|
| | |
|--- GET /.well-known/oauth-authorization-server -------->|
|<-- Authorization Server Metadata ---------------------->|
| | |
|--- POST /register (dynamic client registration) ------>|
|<-- client_id + client_secret --------------------------->|
| | |
|--- Redirect user to /authorize ----------------------->|
|<-- Authorization code (via redirect) ------------------>|
| | |
|--- POST /token (code + PKCE verifier) ---------------->|
|<-- access_token ----------------------------------------|
| | |
|--- GET /api/data (Bearer token) ------>| |
|<-- 200 OK + data --------------------| |Always use PKCE (Proof Key for Code Exchange) in combination with the authorization code flow for AI agents. This prevents a malicious agent from abusing an intercepted authorization code. Specify code_challenge_methods_supported: ["S256"] in your metadata.
Dynamic Client Registration: the key for agents
Dynamic Client Registration (RFC 7591) is one of the most impactful features for AI agents. In traditional OAuth flows, a developer must manually register an application with the authorization server. With dynamic registration, an AI agent can do this entirely autonomously.
// Dynamic Client Registration request
POST /register HTTP/1.1
Host: auth.example.com
Content-Type: application/json
{
"client_name": "Claude AI Agent",
"redirect_uris": [
"https://claude.ai/oauth/callback"
],
"grant_types": ["authorization_code"],
"response_types": ["code"],
"token_endpoint_auth_method": "client_secret_basic",
"scope": "read:products read:profile"
}
// Response
{
"client_id": "generated-client-id",
"client_secret": "generated-secret",
"client_name": "Claude AI Agent",
"grant_types": ["authorization_code"],
"redirect_uris": ["https://claude.ai/oauth/callback"]
}Implementation in Laravel
For Laravel projects, the Laravel Passport or Laravel Sanctum package provides a solid foundation for OAuth implementation. Passport supports full OAuth 2.0 flows including authorization codes, while Sanctum is better suited for simpler token-based authentication. For AI agent discovery, Passport is the recommended choice due to its full OAuth 2.0 support.
The discovery endpoints (/.well-known/oauth-authorization-server and /.well-known/oauth-protected-resource) need to be manually added as routes that serve the correct JSON metadata. Ensure these endpoints are publicly accessible without authentication.
// routes/web.php
Route::get('/.well-known/oauth-authorization-server', function () {
return response()->json([
'issuer' => config('app.url'),
'authorization_endpoint' => config('app.url') . '/oauth/authorize',
'token_endpoint' => config('app.url') . '/oauth/token',
'registration_endpoint' => config('app.url') . '/oauth/register',
'scopes_supported' => ['read:profile', 'read:products'],
'response_types_supported' => ['code'],
'grant_types_supported' => ['authorization_code'],
'code_challenge_methods_supported' => ['S256'],
]);
});
Route::get('/.well-known/oauth-protected-resource', function () {
return response()->json([
'resource' => config('app.url') . '/api',
'authorization_servers' => [config('app.url')],
'scopes_supported' => ['read:profile', 'read:products'],
'bearer_methods_supported' => ['header'],
'resource_documentation' => config('app.url') . '/api/docs',
]);
});Don't forget to also set up your other agent-ready components alongside these OAuth endpoints. Your HTTPS and HSTS configuration is a prerequisite: OAuth flows must exclusively run over secure connections. And your security headers contribute to the trust AI agents have in your server.
The future of agent authentication
OAuth discovery for AI agents is still in its infancy, but developments are moving fast. The MCP protocol already integrates with OAuth for authentication, and an increasing number of AI platforms support standardized discovery. By implementing the correct metadata endpoints now, you prepare your website for a future where AI agents represent a significant portion of your traffic and transactions.
The combination of OAuth discovery, MCP servers and the right robots.txt configuration together forms the foundation of an agent-ready website. Each component plays a specific role: robots.txt determines what can be read, MCP defines the available functionality and OAuth handles secured access.
Key takeaways
- OAuth 2.0 with discovery endpoints is the standard for secure authentication of AI agents with your website.
- The Authorization Server Metadata (RFC 8414) and Protected Resource Metadata (RFC 9728) together form the basis for agents to autonomously obtain authorization.
- Dynamic Client Registration (RFC 7591) enables AI agents to register themselves independently without human intervention.
- PKCE (Proof Key for Code Exchange) is a mandatory security layer that prevents intercepted authorization codes from being abused.
- OAuth discovery, together with MCP and robots.txt, forms the foundation of an agent-ready website.
Frequently asked questions
Is OAuth discovery the same as OpenID Connect discovery?
They are similar but not identical. OpenID Connect (OIDC) discovery (/.well-known/openid-configuration) is specifically aimed at identity verification. OAuth Authorization Server Metadata (/.well-known/oauth-authorization-server) is broader and focused on authorization. For AI agents that need access to protected resources, the OAuth variant is most relevant. In practice, you often implement both.
Does every website need to implement OAuth discovery?
No. OAuth discovery is only relevant if your website offers protected resources that AI agents need access to. If your website is purely informational (blog, documentation, portfolio), other AEO measures like llms.txt, robots.txt and structured data are more important. OAuth becomes relevant when you offer transactions, personalization or protected data.
How do I prevent abuse of dynamic client registration?
There are multiple strategies. You can apply rate limiting to the registration endpoint, require an initial registration token or manually approve registrations before they become active. The MCP specification also recommends limiting scopes on initial registration and only expanding after verification of the agent.
Can I use Laravel Sanctum instead of Passport?
Sanctum is suitable for simple token-based API authentication but lacks full OAuth 2.0 support (authorization code flow, dynamic registration). For AI agent discovery, Passport is the better choice. If you already use Sanctum, you could consider implementing the discovery endpoints manually and letting Sanctum handle the actual token issuance for simpler use cases.
How do I test whether my OAuth discovery works correctly?
Start by manually fetching your .well-known endpoints in the browser or with curl. Verify that the JSON is valid and contains all required fields. Then test the complete flow with an MCP client such as the Claude desktop app. Our AEO scanner also checks whether the .well-known endpoints are reachable and correctly configured.
In the agent economy, authentication is not an afterthought but a feature. Websites that offer AI agents secure and standardized access become the preferred partners of the next generation of digital assistants.
How does your website score on AI readiness?
Get your AEO score within 30 seconds and discover what you can improve.
