New: cryptographic identity for AI agents

Secure identity for
AI agents and MCP servers.

Every agent gets a signed, short-lived identity with scoped capabilities, budget limits, and human approval for anything sensitive. Every user signs in with passkeys, social providers, or their company SSO. Built on open standards, so your existing OIDC library already works.

Get Started See agent security
Free up to 1,000 users Open standards, no lock-in No credit card required

Built on open standards

AI agents and MCP

Your agents are not your users.

API keys cannot carry capability claims, enforce budgets, or pause for human approval. LumoAuth gives every agent a cryptographic identity and a live permission channel, so autonomous code runs with the same accountability you expect from a human user.

Cryptographic agent identity

Every agent holds its own Ed25519 key and presents a signed, short-lived token on every call. Capabilities ride in the token claims. Audience, scope, and expiry are verified server-side, so a stolen token is useless 300 seconds later.

Just-in-time permissions

Pre-approve the safe scopes. For anything sensitive the agent pauses, sends a plain-English justification, and waits. The owner approves or denies from a push notification on their phone. The agent resumes with exactly the scope you granted.

MCP server authorization

Register MCP servers as protected resources. Agents read a single /.well-known URL, learn the scopes they need, and exchange for a scoped token. No hardcoded credentials, no custom handshake, no "allow all tools" escape hatch.

Execution timeline

Every agent run produces a structured record: each tool call, token issued, permission requested, risk event fired. Inspect it in the observability dashboard or stream it to your SIEM.

lumoauth: mcp server discovery 
# 1. Agent discovers protected resource
GET https://tools.acme.com/.well-known/oauth-protected-resource

# → Server responds with auth metadata
{
  "resource": "https://tools.acme.com",
  "authorization_servers": ["https://auth.acme.com/api/v1/.well-known/oauth-authorization-server"],
  "scopes_supported": [
    "tool:search_web",
    "tool:send_email",
    "tool:read_file"
  ],
  "bearer_methods_supported": ["header"]
}

# 2. Agent requests scoped token
token = agent.request_token(
    resource="https://tools.acme.com",
    scope="tool:search_web",
)

# 3. Agent calls the tool. Token is bound to this agent.
agent.call_tool(token, "search_web", query="...")

# 4. Owner revokes the agent. The revocation event
#    propagates to tools.acme.com in under a second.
#    Next call returns 401.

Security guarantees

  • Signed, short-lived agent tokens (Ed25519)
  • Least-privilege scopes on every call
  • Hard budget caps enforced at the server
  • Immutable audit log and execution timeline
  • Human approval for any privilege escalation
  • Live revocation in under a second
Use cases

One platform. Every auth scenario.

Secure autonomous AI agents, protect MCP servers, ship B2B login in an afternoon, or migrate off an incumbent without rewriting your app. Pick the scenario that matches your day.

Secure AI agents

API keys were never built for software that acts on its own. A stolen key has no scope, no expiry you can change, and no way to ask a human "is this okay?". LumoAuth gives every agent a signed, short-lived, capability-bound identity.

Cryptographic agent identity

Each agent holds its own Ed25519 key. Tokens are signed, audience-bound, and expire in minutes. A stolen token is useless 300 seconds later.

Just-in-time permissions

Pre-approve the safe scopes. For anything sensitive the agent pauses, sends a plain-English justification, and waits for a decision.

Human approval on your phone

Approve or deny from a push notification. The agent resumes with the exact scope you granted, nothing more. Every decision is signed and logged.

Hard budget limits

Cap tool calls, token spend, and wall time per task. Enforced at the authorization server, so prompt injection cannot raise them.

Read the agent security guide
Platform features

The full stack, not a subset.

Most auth platforms treat enterprise SSO, directory sync, fine-grained access, GDPR tooling, and agent security as paid add-ons. We ship all of them in every plan.

Agent identity

Agents

Every AI agent gets a signed, short-lived token with scoped capabilities, hard budget caps, and a live channel for human approval when it needs more.

MCP authorization

MCP

Sit in front of your MCP tools as the authorization server. Agents discover scopes from one well-known URL and receive tokens that permit one tool at a time.

Universal sign-in

OIDC

Every grant type you actually need: browser code flows, device and TV flows, machine-to-machine, out-of-band approval, and token exchange. Any OIDC library works.

Passkeys

Passwordless

Phishing-proof sign-in with Face ID, Touch ID, Windows Hello, and hardware keys. No passwords to leak, no OTP codes to intercept, no reset emails to send.

Enterprise SSO

SSO

Let customers sign in from their own Okta, Entra, or Google Workspace. Act as their identity provider for downstream apps. Inbound and outbound SSO in one tenant.

Directory sync

Provisioning

Auto-provision users from customer directories. The moment HR offboards someone, their sessions, tokens, and access grants are gone everywhere they were issued.

Plain-English policies

Authorization

"Users can edit documents shared with their team, weekdays only, from the corporate network." The AI compiles that sentence into a live policy evaluated per request.

Risk-based MFA

Adaptive

Step up authentication only when the signal calls for it: impossible travel, new device fingerprint, anonymizer network, or a tenant-defined rule you wrote yourself.

View all features
quickstart: 5 minutes to auth 
# 1. Install the SDK
$ npm install @lumoauth/sdk

# 2. Configure
import { LumoAuth } from '@lumoauth/sdk';
const lumo = new LumoAuth(fromEnv());

# 3. Protect a route
app.get('/api/me',
  lumo.requireAuth(),
  (req, res) => res.json(req.user)
);

# 4. Check a permission
const allowed = await lumo.check({
  subject:    req.user.id,
  permission: 'billing:view_invoices',
  resource:   `org:${orgId}`,
});

# Decision returns in under a millisecond.
Developer experience

Start in 5 minutes. Not 5 days.

Typed SDKs. A full OpenAPI spec. Test tokens straight from the dashboard. Plain-English policy authoring. Standard discovery, so any library in any language talks to it.

TypeScript and Python SDKs

Fully typed, auto-generated from the OpenAPI spec. IntelliSense everywhere. Agent SDKs for both languages out of the box.

Test token generator

Mint a signed token from the dashboard for any user, agent, or scope. Debug without clicking through a full sign-in flow.

Plain-English policies

Write "only approvers in the finance org can release payments over $10k" and the AI compiles it into a live, tested policy.

Permission tester

Ask "can this user do this action on this resource?" in the dashboard. See the decision and the exact rules that fired. No guessing, no redeploying.

Standard discovery

Every tenant serves the OpenID Connect discovery document. Any library in any language talks to it without a custom adapter.

AI-generated login pages

Paste your site URL. The AI extracts your brand and generates a hosted login page that looks like it belongs to you. Or drop in your own HTML.

Read the docs 5-minute quickstart
From the blog

Field notes on identity & agents.

All posts
Uncategorized

Hello world!

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

lumoauth_dp4zb3 Read

Ship secure auth for users and agents. This week.

Free up to 1,000 users and unlimited dev-mode agents. Everything is an open standard, so migrating in (or out) is a config change, not a rewrite.

Get Started Read the docs