Descriptions:
Patrick Riley and Carlos Galan from Auth0 and Okta delivered a workshop at the AI Engineer conference on implementing identity and authorization for AI agents, timed deliberately to coincide with a major new Auth0 product release that week. The session addresses four core challenges unique to agentic systems: establishing who the user is, enabling agents to call APIs on the user’s behalf, allowing agents to request human confirmation before taking risky actions, and enforcing fine-grained access control over specific resources.
The workshop walks through a live trading dashboard application with an embedded agent and MCP server integration. Specific Auth0 features demonstrated include the token vault, asynchronous authorization flows, and a fine-grained authorization (FGA) component built on an open-source project. The speakers show how to link user identities across multiple applications and MCP tools using OAuth scopes, and how the Auth0 TypeScript SDK handles token exchange so agents can access downstream services only within explicitly granted permission boundaries.
The session also references the updated OWASP LLM Top 10 to frame the new threat surface that autonomous agents introduce compared to traditional interactive chatbots. As agents move from user-prompted interactions toward fully autonomous operation—including agent-to-agent communication—the presenters argue that identity infrastructure must evolve in parallel. Developers building agentic systems requiring robust, auditable access control will find concrete architectural patterns and working SDK examples throughout.
📺 Source: AI Engineer · Published January 14, 2026
🏷️ Format: Tutorial Demo
