{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreicvznw6lrwxvlrsh5avtetuwxutc7fdylp5emnpxkmcihxuctqjaq",
"uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mh4bxr7rvv22"
},
"path": "/t/open-authorization-protocol-for-openai-agents-scoped-permissions-instead-of-api-keys/1376789#post_1",
"publishedAt": "2026-03-15T14:00:28.000Z",
"site": "https://community.openai.com",
"tags": [
"GitHub - mishrasanjeev/grantex: grantex is the identity, authorization, and audit infrastructure for AI agents — the \"OAuth moment\" for the agentic internet. We provide a universal SDK and cloud service that lets any AI agent act on behalf of a human with scoped, revocable permissions, cryptographic identity, and an immutable audit trail. Developers integrate in minutes. · GitHub",
"https://docs.grantex.dev",
"Playground — Grantex | Try AI Agent Authorization Live"
],
"textContent": "I’ve been building agents with the OpenAI Agents SDK and kept hitting the same\nauthorization problem: when an agent acts on behalf of a user (reads files, sends\nemails, makes purchases), how do you control what it’s actually allowed to do?\n\nMost of us just pass API keys or hardcode credentials. The agent gets full access\nto everything. No scoping, no user consent, no audit trail, no way to revoke one\nagent without rotating keys for all of them.\n\nI built Grantex to solve this — it’s an open authorization protocol (Apache 2.0)\ndesigned specifically for AI agents. There’s a native OpenAI Agents SDK integration:\n\n\n pip install grantex-openai-agents\n\n\nWhat it gives you:\n\n * User consents to specific scopes for a specific agent (e.g. calendar:read, email:send)\n * Agent gets a signed JWT — time-limited, revocable, offline-verifiable via JWKS\n * Delegation chains — Agent A can delegate to Agent B with narrower scopes\n * Budget controls — hard spending limits per agent, 402 if exceeded\n * Full audit trail of every action\n\n\n\nQuick example with the Agents SDK:\n\n\n from grantex_openai_agents import GrantexTool\n from agents import Agent\n\n agent = Agent(\n     name=\"assistant\",\n     tools=[GrantexTool(scopes=[\"calendar:read\", \"email:send\"])],\n )\n\n\nThe protocol has an IETF Internet-Draft submitted to the OAuth Working Group,\nNIST NCCoE filing, and SOC 2 Type I certification.\n\nAlso has integrations for LangChain, CrewAI, Google ADK, Vercel AI, AutoGen,\nExpress.js, FastAPI, MCP, and Terraform. TypeScript, Python, and Go SDKs.\n\nGitHub: GitHub - mishrasanjeev/grantex: grantex is the identity, authorization, and audit infrastructure for AI agents — the \"OAuth moment\" for the agentic internet. We provide a universal SDK and cloud service that lets any AI agent act on behalf of a human with scoped, revocable permissions, cryptographic identity, and an immutable audit trail. Developers integrate in minutes. · GitHub\nDocs: https://docs.grantex.dev\nPlayground: Playground — Grantex | Try AI Agent Authorization Live\n\nCurious how others here are handling agent authorization — are you rolling your\nown, or just living with API keys?",
"title": "Open authorization protocol for OpenAI Agents — scoped permissions instead of API keys"
}