
Auth0

Identity-as-a-service platform, part of Okta. Classic strength: OAuth/OIDC for web apps. Expanding in 2026 into Auth for AI — a family of features specifically designed for agents, MCP servers, and autonomous systems.

Shipped features (AI Engineer 2026 release)

  • token-vault — persistent, managed refresh-token store for upstream providers (Google, Slack, Facebook, etc.); handles token exchange + lifetime
  • async-auth-ciba — agent-initiated authorization requiring out-of-band user approval (Client-Initiated Backchannel Authentication)
  • MCP support — MCP-server-as-client pattern with dynamic-client-registration (DCR)
  • Custom API clients — link APIs to clients, model them as agent-client or MCP-server-client
  • Rich Authorization Request (RAR) — structured consent objects with canonical schema for rendering in approval UIs
  • Fine-grained access (FGA) — open-source; role-based access control for tools/pages (separate talk)

Positioning

Auth0 models agent = client, MCP server = (also) client, upstream APIs = resource servers. Everything slots into traditional OAuth semantics so existing knowledge transfers.

Sibling: Okta covers the enterprise/employee angle — "the employee is not only acting on their own behalf, they're representing the company." Okta + Auth0 cover both sides of the identity handshake for agentic systems.
