Delegation & Token Exchange¶
Delegation allows an agent to act on behalf of a user or organization with reduced permissions. This is done through OAuth 2.0 Token Exchange (RFC 8693).
When to Use Delegation¶
Use delegation when:
- An agent needs to perform actions for a user
- The agent should have limited, time-bound access
- You need audit trails showing both the user and agent
- You want the ability to revoke agent access independently
Token Exchange Flow¶
- User authenticates and receives an access token
- Agent authenticates and receives its own access token
- Agent exchanges both tokens for a delegated token
- Agent uses delegated token to act on user's behalf
Request Format¶
curl -sS "$SIGID_AUTH_ORIGIN/oauth/token" \
-u "$SIGID_CLIENT_ID:$SIGID_CLIENT_SECRET" \
-H "content-type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
--data-urlencode "subject_token=$USER_ACCESS_TOKEN" \
--data-urlencode "subject_token_type=urn:ietf:params:oauth:token-type:access_token" \
--data-urlencode "actor_token=$AGENT_ACCESS_TOKEN" \
--data-urlencode "actor_token_type=urn:ietf:params:oauth:token-type:access_token" \
--data-urlencode "requested_token_type=urn:ietf:params:oauth:token-type:access_token" \
--data-urlencode "audience=https://api.example.com" \
--data-urlencode "scope=limited:scope"
Delegated Token Design¶
| Field | Rule |
|---|---|
| Audience | Exact API or MCP server |
| Scope | Narrow tool or resource action |
| Subject | User or organization being represented |
| Actor | Agent identity |
| Expiry | Task-bound and short-lived |
| Approval | Required for sensitive or irreversible actions |
Response¶
The delegated token contains:
The access token includes:
sub: The user or organization being representedact: The agent identity (actor)aud: The intended audiencescope: The reduced scope
Validation¶
Resource servers should:
- Verify the token signature and expiry
- Check that
subrepresents the user/org - Check that
actrepresents a valid agent - Verify
scopeis appropriately narrow - Enforce resource-level tenant checks
Revocation¶
Delegated tokens can be revoked:
- By revoking the agent's credentials
- By revoking the original user token
- By administrative action
See Also¶
- Agent Authentication - Agent auth methods
- Verify Tokens - Validating delegated tokens