Request a Delegated Token
How the Agent Requests a Token
When the agent needs to perform an action, it requests a token from AuthSec, specifying only the permissions it needs for that particular task.
AuthSec checks the request against the agent's roles and the client's allowed scopes, then issues a token. The token includes only the permissions that meet all three conditions:
- Assigned to the agent through its roles
- Listed in the client's allowed scopes
- Requested by the agent in this specific call
If the agent asks for a permission it doesn't have, the request is rejected.
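The issuance rule above, modelled in Python as an added example (not AuthSec's code or SDK). The role names, permission strings and `issue_scopes` function are hypothetical, and leaving out a permission that falls outside the client's allowed scopes, rather than rejecting the call, is an assumption.

```python
from __future__ import annotations

from typing import Iterable

# Constructed sample data: role -> permissions it grants (hypothetical names).
ROLE_PERMISSIONS = {
    "ticket-reader": {"tickets:read"},
    "ticket-editor": {"tickets:read", "tickets:write"},
    "billing-viewer": {"invoices:read"},
}


class ScopeRequestRejected(Exception):
    """The agent requested a permission that none of its roles grant."""


def issue_scopes(agent_roles: Iterable[str],
                 client_allowed_scopes: Iterable[str],
                 requested: Iterable[str]) -> set[str]:
    """Return the permissions a delegated token would carry for this call."""
    requested = set(requested)

    # Condition 1: permissions assigned to the agent through its roles.
    from_roles: set[str] = set()
    for role in agent_roles:
        from_roles |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing

    # Asking for a permission the agent does not have rejects the whole request.
    not_held = requested - from_roles
    if not_held:
        raise ScopeRequestRejected(f"not granted by any role: {sorted(not_held)}")

    # Conditions 2 and 3: also in the client's allowed scopes and requested now.
    # Assumption: a held permission outside the allowed scopes is left out of
    # the token instead of failing the call.
    return requested & from_roles & set(client_allowed_scopes)


if __name__ == "__main__":
    allowed = ["tickets:read", "tickets:write"]
    # The agent holds write access but asks only for read: the token carries read.
    print(issue_scopes(["ticket-editor"], allowed, ["tickets:read"]))
    try:
        issue_scopes(["ticket-reader"], allowed, ["tickets:write"])
    except ScopeRequestRejected as exc:
        print("rejected:", exc)
```
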
Verify the Agent's Permissions
You can verify the agent's permissions by:
- Decoding the token to inspect the agent's identity, assigned roles, and allowed scopes
- Using the AuthSec SDK in your application to check permissions before allowing an action