BotBeat
...
← Back

> ▌

AnthropicAnthropic
OPEN SOURCEAnthropic2026-07-13

Agentgateway Opensources Token Exchange, JWT Assertion, and Microsoft Entra OBO Authentication

Key Takeaways

  • ▸Enterprise agents can now securely call downstream APIs and MCP servers by exchanging identity for credentials rather than handling secrets directly
  • ▸Support for three authentication standards (RFC 8693, RFC 7523, and Microsoft Entra OBO) covers both cloud-native and legacy enterprise environments
  • ▸Credential injection is handled transparently by the infrastructure, preventing accidental exposure of secrets in model conversations or logs
Source:
Hacker Newshttps://agentgateway.dev/blog/2026-07-12-agentgateway-token-exchange-jwt-assertion-entra-obo/↗

Summary

Agentgateway has opensourced three new backend authentication capabilities under its oauthTokenExchange framework: RFC 8693 token exchange, RFC 7523 JWT assertion (jwt-bearer), and Microsoft Entra on-behalf-of (OBO) flows. These additions enable secure credential injection for agents calling downstream APIs and MCP servers without exposing sensitive secrets to AI models or across agent boundaries.

The implementation addresses a critical enterprise security pattern: instead of passing API credentials directly to agents, the gateway exchanges user or agent identity for the appropriate secrets, tokens, or API keys via standardized OAuth flows. This keeps sensitive credentials out of model conversations and log files while maintaining proper authorization boundaries.

The release includes support for RFC 8693 token exchange (the default), JWT bearer grants (RFC 7523) compatible with authorization servers like Keycloak, and Microsoft Entra's provider-specific OBO flow. Each flow supports optional advanced features like delegation tokens, resource indicators, and configurable credential sources. Runnable examples are provided for each authentication pattern.

Editorial Opinion

This is a pragmatic security infrastructure improvement that addresses real enterprise concerns about deploying AI agents safely. By standardizing credential exchange patterns and supporting both RFC standards and Microsoft's proprietary flows, Agentgateway reduces the attack surface for agent deployments. The emphasis on keeping secrets away from models and agent boundaries reflects the maturing security posture of enterprise AI—infrastructure-first thinking that treats agents as first-class citizens with proper identity and authorization, not just code that happens to use APIs.

AI AgentsMLOps & InfrastructureCybersecurityAI Safety & AlignmentOpen Source

More from Anthropic

AnthropicAnthropic
PARTNERSHIP

Musk Reverses on Anthropic as SpaceX Inks $15B/Year Compute Deal

2026-07-13
AnthropicAnthropic
INDUSTRY REPORT

Anthropic's $65 Billion Raise Caps Record Year for California's $335 Billion VC Boom

2026-07-13
AnthropicAnthropic
RESEARCH

Device Context Protocol: Lightweight Standard for LLM Agents to Control Physical Devices

2026-07-13

Comments

Suggested

OpenAIOpenAI
RESEARCH

SociaLLM Engineering: A New Threat Vector Against AI Agents

2026-07-13
Mistral AIMistral AI
INDUSTRY REPORT

Mistral Receives Failing Grade in FLI Summer 2026 AI Safety Index

2026-07-13
AmazonAmazon
POLICY & REGULATION

Senator Warner Introduces AI AGENT Act: First Federal Legislation on Agentic AI Systems

2026-07-13
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us