Skip to content

v0.2.0 Release Notes

Release Date: 2026-05-11

This release adds the AAuth protocol for AI agent authentication and the Zitadel adapter for production integration with OIDC infrastructure.

Highlights

  • AAuth Protocol: HTTP message signatures (RFC 9421) with token exchange for AI agent authentication
  • Zitadel Adapter: Production-ready integration with Zitadel for ID-JAG, AIMS, and AAuth protocols
  • Unified Navigation: AIStandards.io navbar integration across documentation site
  • Module Rename: Repository moved to github.com/aistandardsio/agent-protocols

New Packages

aauth

Agent Authentication protocol implementing draft-hardt-oauth-aauth-protocol.

Components:

Component Description
Agent Client with automatic HTTP request signing
Transport http.RoundTripper for transparent signing
AuthServer Token exchange and JWKS endpoints
ResourceServer Middleware for token validation
Discovery Metadata retrieval client

Features:

  • HTTP message signatures per RFC 9421
  • Token types: aa-agent+jwt and aa-auth+jwt
  • Human-to-agent delegation via Person Server
  • Proof-of-possession with cnf claim

Example:

import "github.com/aistandardsio/agent-protocols/aauth"

// Create agent with cryptographic identity
agentID, _ := aauth.NewAAuthID("calendar-bot", "example.com")
agent, _ := aauth.NewAgent(agentID, privateKey)

// Use automatic signing transport
client := &http.Client{Transport: agent.Transport(nil)}
resp, _ := client.Get("https://api.example.com/events")

adapters/zitadel

Integration with Zitadel OIDC infrastructure.

Components:

Component Description
TokenExchanger RFC 8693 token exchange for ID-JAG assertions
JWTProfileSource oauth2.TokenSource for JWT profile grants
Verifier Token verification using JWKS for all protocols
Middleware HTTP middleware for token validation

Why Zitadel:

  • Written in Go (75%)
  • Native RFC 8693 token exchange support
  • JWT Profile (RFC 7523) support
  • OpenID Foundation certified
  • Battle-tested zitadel/oidc library

Installation

go get github.com/aistandardsio/agent-protocols@v0.2.0

Quick Start

Token Exchange

import "github.com/aistandardsio/agent-protocols/adapters/zitadel"

exchanger, _ := zitadel.NewTokenExchanger("https://your-instance.zitadel.cloud")
resp, _ := exchanger.ExchangeAssertion(ctx, signedAssertion,
    zitadel.WithScope("openid profile"),
)

Token Verification

verifier, _ := zitadel.NewVerifier("https://your-instance.zitadel.cloud")

// Verify any protocol
assertion, _ := verifier.VerifyIDJAGAssertion(ctx, token)
wit, _ := verifier.VerifyAIMSWIT(ctx, token)
agentToken, _ := verifier.VerifyAAuthAgentToken(ctx, token)

HTTP Middleware

verifier, _ := zitadel.NewVerifier("https://your-instance.zitadel.cloud")

http.Handle("/api/", zitadel.RequireIDJAG(verifier, opts).Handler(handler))
http.Handle("/workload/", zitadel.RequireAIMS(verifier, opts).Handler(handler))
http.Handle("/agent/", zitadel.RequireAAuth(verifier, opts).Handler(handler))

Examples

Run the self-contained demos:

AAuth Protocol:

go run ./aauth/examples/simple       # Agent authentication
go run ./aauth/examples/delegation   # Human-to-agent delegation
go run ./aauth/examples/exchange     # Token exchange flow

Zitadel Adapter:

go run ./adapters/zitadel/examples/idjag  # ID-JAG token exchange
go run ./adapters/zitadel/examples/aims   # AIMS WIT verification
go run ./adapters/zitadel/examples/aauth  # AAuth agent authentication

Documentation

AAuth:

Zitadel Adapter:

Dependencies

Added:

  • golang.org/x/oauth2 - For oauth2.TokenSource interface

Breaking Changes

None.

Migration from v0.1.0

No migration required. This release only adds new packages.

What's Next

  • v0.3.0: Production demos with Docker Compose
  • v0.4.0: SharkAuth adapter
  • v0.5.0: Ory adapter

Contributors

References

AAuth:

Zitadel: