Quickstart
Authenticate an agent in three lines. Under five minutes, end to end.
Core Concepts
DIDs, lineage, ACTs, and how the pieces fit together.
SDKs
Seven languages. Identical cryptographic behavior. One reference.
Authentication
OAAP handshake, session lifecycle, integration with existing IDPs.
The three layers
Identity — OAS
Every entity gets a did:oas:* — a W3C DID cryptographically bound to an
Ed25519 keypair, with a signed lineage proof back to a human root.
Offline-verifiable.
Authentication — OAAP
Four-step mutual authentication handshake. Transport-agnostic. HTTP,
WebSocket, gRPC, Weave P2P — same protocol, different wire.
Why this matters
Traditional auth assumes a human on the other end of the wire. Cookies, sessions, OAuth redirect flows — all designed around browsers and people. Autonomous agents don’t work that way. Agents have keypairs. They don’t have inboxes. They don’t approve consent screens. They act on behalf of humans and need to prove it cryptographically, not via shared secrets.
OpenAgent gives you:
Provable lineage
Every agent chains back to a human via Ed25519-signed
AgentLineageProof2025 proofs. You can verify “this agent was created by
this human” without a network call.
Protocol-agnostic auth
The OAAP handshake runs over any transport. One protocol spec, adapters
for HTTP, WebSocket, gRPC, libp2p — same security properties everywhere.
Enterprise-ready bridges
OIDC bridge maps human Okta/Auth0/Keycloak/Azure AD tokens into agent
DIDs. SCIM 2.0 provisioning keeps your directory in sync. Your existing
identity stack keeps working.
Zero telemetry
The SDK makes no outbound calls beyond the APIs you explicitly invoke.
No analytics, no phone-home, no surprises. Inspect the source.
What’s next
Install
Pick a language and authenticate in three lines.
Reference
Full API reference for every SDK.
Main site
Specification deep dives, narrative explainers, visual walkthroughs.