The OAuth 2.1 server
for the agent era
Open-source, self-hostable authorization for your apps, your APIs, and the AI agents acting on behalf of your users. On-behalf-of delegation, audience-bound tokens, MCP support validated end-to-end with Claude Code — on a crypto-agile core built for the post-quantum era.
#Self-host QAuth
❯ git clone qauth-labs/qauth && cd qauth
# generate JWT keys, then:
❯ docker compose up -d
# Delegate to an agent — on behalf of a user
❯ curl -X POST http://localhost:3000/oauth/token -d grant_type=urn:ietf:params:oauth:grant-type:token-exchange -d subject_token=<user_token> -d audience=https://api.yourapp.com
Platform
Built for what comes next
Everything you need to ship secure authentication — for your users, your services, and the agents acting on their behalf.
Agent-Native Authorization
RFC 8693 on-behalf-of delegation, ReadOnly / Admin / Exec scope modes, and step-up authentication before dangerous operations — for any agent calling any API, not just MCP. Audience-bound tokens keep delegated access scoped to exactly what it should touch.
MCP Out of the Box
RFC 9728 protected-resource metadata and dynamic client registration so MCP servers just work. Drop in @qauth-labs/mcp-guard and you have an authorization layer validated end-to-end with Claude Code.
OAuth 2.1 & OIDC Core
Humans and services authenticate on the same server. Authorization code flow with PKCE, client_credentials for machine-to-machine, refresh token rotation, discovery, and JWKS — all standards-compliant, no shortcuts.
Post-Quantum Ready
Crypto-agile interfaces let you swap signing algorithms without touching business logic. Ed25519 (EdDSA) ships today; ML-DSA-65 hybrid signatures are the long-term target — Phase 5, 2027.
Headless & Self-Hosted
A full REST API with no mandatory UI — build your own branded login experience. One Docker Compose command gets you running on your own infrastructure: a single TypeScript/Fastify codebase, no telemetry, Apache 2.0 licensed.
Wallet Federation
eIDAS 2.0 EUDI Wallet support via OID4VC and SIOPv2 is the long-term platform we're building toward — verifiable credentials as a first-class upstream identity source, with no re-architecture required downstream.
Grants, side by side
The same server issues tokens for logins, service calls, and
delegated agents — one identity core, not three bolted together.
Core Protocol
One auth server,
every kind of client
Before an agent ever delegates anything, QAuth is a standards-compliant OAuth 2.1 and OIDC server: authorization code with mandatory PKCE for your users, client_credentials for your services, refresh token rotation, dynamic client registration, and discovery. No legacy implicit flow, no proprietary SDK required — agent delegation and MCP support are built on top of this same core.
PKCE
Mandatory on every authorization code flow
DCR
RFC 7591 dynamic client registration
JWKS
Rotating keys via the discovery endpoint
OIDC
Standard identity layer, no proprietary claims
Delegation flow
Audience-bound tokens keep an agent scoped to the one
resource it was delegated for — nothing else is reachable.
Agent Authorization
Agents act. Your auth server
answers for them.
Agent auth isn't user auth with extra steps. A token has to say "agent X acting for user Y," not just one subject — composite identity, not a single claim. Agents can't file a ticket for a client ID either, so onboarding has to happen at machine speed via dynamic client registration and discovery. And a dev agent should never be able to touch prod — authorization has to be environment-aware by default. This isn't a roadmap item: it's shipped today, proven end-to-end with Claude Code, and it works the same whether you're fronting an MCP server or a plain REST API.
RFC 8693
On-behalf-of token exchange
3 modes
ReadOnly / Admin / Exec blast-radius caps
Step-up
Human-in-the-loop before dangerous ops
aud
Tokens bound to a single resource
Quickstart
Auth that gets out
of your way
Self-host QAuth with Docker Compose, then protect your resource servers — MCP or plain REST — with standards-based OAuth 2.1: RFC 9728 discovery, dynamic client registration, and PKCE. No proprietary SDK required.
Self-host with Docker
Clone the repo and run docker compose up -d to start QAuth with PostgreSQL and Redis. Interactive API docs ship at /docs.
Protect any resource server
Register @qauth-labs/mcp-guard for MCP servers, or verify bearer tokens against JWKS directly for a plain REST API. Same audience-bound tokens either way.
Let any client authenticate
MCP clients like Claude Code discover your authorization server, register dynamically, and complete authorization_code with PKCE. Services skip the redirect and use client_credentials instead.
import Fastify from 'fastify'
import { mcpGuardPlugin } from '@qauth-labs/mcp-guard'
const app = Fastify()
// Protect your MCP resource server — audience-bound tokens only
await app.register(mcpGuardPlugin, {
resource: 'https://mcp.yourapp.com',
authorizationServer: 'https://auth.yourapp.com',
requiredScopes: ['documents:read'],
})
app.get('/mcp', { preHandler: app.requireBearer }, async (request) => {
// request.tokenClaims — verified signature, issuer, audience, scope
return { tools: listTools() }
})
// No token → 401 Unauthorized
// WWW-Authenticate: Bearer resource_metadata=
// "https://mcp.yourapp.com/.well-known/oauth-protected-resource"
// The MCP client (e.g. Claude Code) discovers your auth server from
// that document, registers via CIMD or RFC 7591, then runs
// authorization_code + PKCE for an audience-bound access token.
// Authorization: Bearer <token> → mcp-guard verifies it → 200 OK
# Plain OAuth 2.1 — no MCP, no agent, just your service
❯ curl -X POST https://auth.yourapp.com/oauth/token -d grant_type=client_credentials -d scope=documents:read
Hybrid signing flow
↓ Reference tokens with RFC 7662 introspection mitigate
the 3,309 B signature size during hybrid transition.
Security
Quantum-resistant
by architecture
Not a checkbox. A crypto-agile core that evolves with NIST standards — so your tokens stay secure when quantum computers arrive.
Level 3
NIST security level (192-bit)
FIPS 204
ML-DSA standard
0 LOC
Business logic changes to upgrade
Dual-sig
Classical + PQC composite
Deploy
Open-source,
self-hostable
QAuth is open-source and designed for self-hosting. A managed cloud offering is planned for a future phase.
Self-Hosted
Complete data sovereignty. Run on your own infrastructure — no telemetry, no phone-home. Apache 2.0 licensed.
❯ git clone qauth-labs/qauth \
&& cd qauth && docker compose up -d
Cloud Managed
Managed hosting with custom domains, zero DevOps, and a developer dashboard. Not yet available — no SDK or hosted backend ships today.
Follow progress on GitHubWhy QAuth
Built to last, built to fit
No bloated dependency, no rigid flows, no expiration date. QAuth is designed to stay lightweight, adaptable, and secure for the long haul.
Join the Revolution
QAuth is open-source and self-hostable today. Want a hosted, zero-DevOps version? Join the list for early access when Auth as a Service ships.
Ready to ship?
Stop maintaining auth. Self-host OAuth 2.1 for humans, services, and AI agents — audience-bound tokens, on-behalf-of delegation, and a crypto-agile core, from day one.