Trevor McFedries

auth.md — Open Protocol for Agent Registration

Trevor McFedries

auth.md standardizes how AI agents register with apps, discover supported flows, request scopes, and receive secure user-scoped credentials.

File type
Web page
Queried
0
Source
workos.com

Full article

Showing the full article.

# md — Open Protocol for Agent Registration md [D]Docs[C]Changelog[G]GitHub # md Enable agents to register users without the sign-up form. md provides secure agent registration that any app can implement. Make your app agent ready ~/projects/notes-app — opencode Verified Agent verified Claimed User claimed Looks like your app is almost finished. What would you like to do today? Deploy my app to Add Firecrawl scraping to my Add auth with WorkOS AuthKit Tap an option↑↓ to navigate · ↵ to select ## Adopted by * Add your app ## Get started Make your app agent-ready For services that want agents to register users on behalf of their customers.

Read the apps guide→ Become an identity provider For platforms whose agents act on behalf of users. Read the provider guide→ One-click enable with AuthKit Get in touch to enable md on your account. Get early access→ ## FAQs * What is A Markdown file an application hosts at its domain — md`— that tells agents how to register on behalf of a user. It includes which flows are supported, which scopes exist, and how to register for the See the file format. * How does an agent register a user with my The agent fetches your

md`, picks a supported flow, and either presents a verified identity assertion (agent verified flow) or walks the user through a code-confirmation claim (user claimed flow). You stay in control of which flows you accept and what credentials get Read the apps guide. * What's the difference between the agent verified and user claimed Agent verified is agent-attested — the agent's identity provider vouches for the user, no human in the loop. User claimed needs no provider — the agent shows the user a code, they sign in and confirm it. Most apps support both and let the agent pick the right

Agent verified·User claimed. * What credentials get issued to the A scoped access token tied to the user — short-lived and revocable. It's issued over standard OAuth, so you reuse the API auth you already have. * Is md a WorkOS only feature or an open It's open. WorkOS authors the protocol, md`isn't tied to WorkOS infrastructure — it composes existing OAuth standards (Protected Resource Metadata, ID-JAG identity assertions) and any app can publish or any agent can read one with no WorkOS account See the protocol on GitHub. ## Contact us We're shaping md with early adopters.

Tell us what you're building, ask a question, or share feedback. [redacted email] © 2026 WorkOS Go to com

Want to learn more?