Protocol Explorer
An interactive walkthrough of the AAuth protocol. Pick a scenario, step through the requests, and see the real headers and tokens at each hop.
The four participants
Every scenario involves some subset of these roles. Use the sidebar to drill into each area.
Agent: makes signed requests, holds keys, proposes missions
Resource: protected API; issues resource tokens, verifies auth
Person Server: represents the user; manages missions, federates to AS
Access Server (AS): issues auth tokens; enforces resource access policy
Three layers
AAuth stacks identity proof, authorization against resources, and optional mission governance. Each layer links to comparison or entry pages; the sidebar lists every scenario.
Identity
How an agent cryptographically proves who it is on every request — from pseudonymous keys (no account) to agent tokens that bind a signing key to an identifier. Built on HTTP Message Signatures and the Signature-Key header.
Resource access
How a protected API decides what the agent may do — from identity-only access through two-party flows, three-party flows with a Person Server, and four-party federation with an Access Server.
Mission
Optional governance: the agent proposes a mission; the Person Server approves, scopes permissions, and threads mission context through tokens. Also covers delegation across resources and advanced interaction patterns.
Spec reference
How AAuth profiles RFC 9421 and the Signature-Key draft