@techreport{rosenberg-oauth-aauth-01, number = {draft-rosenberg-oauth-aauth-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-rosenberg-oauth-aauth/01/}, author = {Jonathan Rosenberg and Pat White}, title = {{AAuth - Agentic Authorization OAuth 2.1 Extension}}, pagetotal = 10, year = 2025, month = oct, day = 19, abstract = {This document defines the Agent Authorization Grant, an OAuth 2.1 extension allowing a class of Internet applications - called AI Agents - to obtain access tokens in order to invoke web-based APIs on behalf of their users. In the use cases envisaged here, users interact with AI Agents through communication channels - the Public Switched Telephone Network (PSTN) or texting - which do not permit traditional OAuth grant flows. Instead, AI agents collect Personally Identifying Information (PII) through natural language conversation, and then use that collected information to obtain an access token with appropriately constrained scopes. A primary considering is ensuring that the Large Language Model (LLM) powering the AI Agent cannot, through hallucination, result in impersonation attacks.}, }