Skip to main content
QAuth Labs
OAuth 2.1 · Agent-Native AuthorizationCrypto-Agile · Apache 2.0

The OAuth 2.1 server
for the agent era

Open-source, self-hostable authorization for your apps, your APIs, and the AI agents acting on behalf of your users. On-behalf-of delegation, audience-bound tokens, MCP support validated end-to-end with Claude Code — on a crypto-agile core built for the post-quantum era.

#Self-host QAuth

git clone qauth-labs/qauth && cd qauth

# generate JWT keys, then:

docker compose up -d


# Delegate to an agent — on behalf of a user

curl -X POST http://localhost:3000/oauth/token -d grant_type=urn:ietf:params:oauth:grant-type:token-exchange -d subject_token=<user_token> -d audience=https://api.yourapp.com

OAuth 2.1
OIDC 1.0
PKCE
RFC 8693
RFC 9728
MCP

Platform

Built for what comes next

Everything you need to ship secure authentication — for your users, your services, and the agents acting on their behalf.

Agent-Native Authorization

RFC 8693 on-behalf-of delegation, ReadOnly / Admin / Exec scope modes, and step-up authentication before dangerous operations — for any agent calling any API, not just MCP. Audience-bound tokens keep delegated access scoped to exactly what it should touch.

RFC 8693 · Step-Up

MCP Out of the Box

RFC 9728 protected-resource metadata and dynamic client registration so MCP servers just work. Drop in @qauth-labs/mcp-guard and you have an authorization layer validated end-to-end with Claude Code.

RFC 9728 · mcp-guard

OAuth 2.1 & OIDC Core

Humans and services authenticate on the same server. Authorization code flow with PKCE, client_credentials for machine-to-machine, refresh token rotation, discovery, and JWKS — all standards-compliant, no shortcuts.

OAuth 2.1 · OIDC 1.0

Post-Quantum Ready

Crypto-agile interfaces let you swap signing algorithms without touching business logic. Ed25519 (EdDSA) ships today; ML-DSA-65 hybrid signatures are the long-term target — Phase 5, 2027.

Ed25519 · EdDSA

Headless & Self-Hosted

A full REST API with no mandatory UI — build your own branded login experience. One Docker Compose command gets you running on your own infrastructure: a single TypeScript/Fastify codebase, no telemetry, Apache 2.0 licensed.

REST API · Docker · Apache 2.0

Wallet Federation

eIDAS 2.0 EUDI Wallet support via OID4VC and SIOPv2 is the long-term platform we're building toward — verifiable credentials as a first-class upstream identity source, with no re-architecture required downstream.

OID4VC · SIOPv2 · Planned

Grants, side by side

Humansauthorization_code + PKCESession + refresh token
Servicesclient_credentialsScoped access token
Any client/.well-known/openid-configurationRegister + discover JWKS

The same server issues tokens for logins, service calls, and
delegated agents — one identity core, not three bolted together.

Core Protocol

One auth server,
every kind of client

Before an agent ever delegates anything, QAuth is a standards-compliant OAuth 2.1 and OIDC server: authorization code with mandatory PKCE for your users, client_credentials for your services, refresh token rotation, dynamic client registration, and discovery. No legacy implicit flow, no proprietary SDK required — agent delegation and MCP support are built on top of this same core.

PKCE

Mandatory on every authorization code flow

DCR

RFC 7591 dynamic client registration

JWKS

Rotating keys via the discovery endpoint

OIDC

Standard identity layer, no proprietary claims

Delegation flow

DelegateUserToken Exchange (RFC 8693)JWT { sub: user, act: agent, aud: resource }
Blast radiusReadOnlyAdminExec
Step-upExec + dangerous opFresh human approval

Audience-bound tokens keep an agent scoped to the one
resource it was delegated for — nothing else is reachable.

Agent Authorization

Agents act. Your auth server
answers for them.

Agent auth isn't user auth with extra steps. A token has to say "agent X acting for user Y," not just one subject — composite identity, not a single claim. Agents can't file a ticket for a client ID either, so onboarding has to happen at machine speed via dynamic client registration and discovery. And a dev agent should never be able to touch prod — authorization has to be environment-aware by default. This isn't a roadmap item: it's shipped today, proven end-to-end with Claude Code, and it works the same whether you're fronting an MCP server or a plain REST API.

RFC 8693

On-behalf-of token exchange

3 modes

ReadOnly / Admin / Exec blast-radius caps

Step-up

Human-in-the-loop before dangerous ops

aud

Tokens bound to a single resource

Quickstart

Auth that gets out
of your way

Self-host QAuth with Docker Compose, then protect your resource servers — MCP or plain REST — with standards-based OAuth 2.1: RFC 9728 discovery, dynamic client registration, and PKCE. No proprietary SDK required.

1

Self-host with Docker

Clone the repo and run docker compose up -d to start QAuth with PostgreSQL and Redis. Interactive API docs ship at /docs.

2

Protect any resource server

Register @qauth-labs/mcp-guard for MCP servers, or verify bearer tokens against JWKS directly for a plain REST API. Same audience-bound tokens either way.

3

Let any client authenticate

MCP clients like Claude Code discover your authorization server, register dynamically, and complete authorization_code with PKCE. Services skip the redirect and use client_credentials instead.

import Fastify from 'fastify'

import { mcpGuardPlugin } from '@qauth-labs/mcp-guard'


const app = Fastify()


// Protect your MCP resource server — audience-bound tokens only

await app.register(mcpGuardPlugin, {

  resource: 'https://mcp.yourapp.com',

  authorizationServer: 'https://auth.yourapp.com',

  requiredScopes: ['documents:read'],

})


app.get('/mcp', { preHandler: app.requireBearer }, async (request) => {

  // request.tokenClaims — verified signature, issuer, audience, scope

  return { tools: listTools() }

})


// No token → 401 Unauthorized

// WWW-Authenticate: Bearer resource_metadata=

// "https://mcp.yourapp.com/.well-known/oauth-protected-resource"


// The MCP client (e.g. Claude Code) discovers your auth server from

// that document, registers via CIMD or RFC 7591, then runs

// authorization_code + PKCE for an audience-bound access token.


// Authorization: Bearer <token> → mcp-guard verifies it → 200 OK

# Plain OAuth 2.1 — no MCP, no agent, just your service

curl -X POST https://auth.yourapp.com/oauth/token -d grant_type=client_credentials -d scope=documents:read

Hybrid signing flow

Phase 1Ed25519JWT (64 B sig)CURRENT
Phase 5Ed25519ML-DSA-65Hybrid JWT
FutureML-DSA-65PQC-only JWT

Reference tokens with RFC 7662 introspection mitigate
the 3,309 B signature size during hybrid transition.

Security

Quantum-resistant
by architecture

Not a checkbox. A crypto-agile core that evolves with NIST standards — so your tokens stay secure when quantum computers arrive.

Level 3

NIST security level (192-bit)

FIPS 204

ML-DSA standard

0 LOC

Business logic changes to upgrade

Dual-sig

Classical + PQC composite

Deploy

Open-source,
self-hostable

QAuth is open-source and designed for self-hosting. A managed cloud offering is planned for a future phase.

Available Now

Self-Hosted

Complete data sovereignty. Run on your own infrastructure — no telemetry, no phone-home. Apache 2.0 licensed.

git clone qauth-labs/qauth \

&& cd qauth && docker compose up -d

Planned · Future Phase

Cloud Managed

Managed hosting with custom domains, zero DevOps, and a developer dashboard. Not yet available — no SDK or hosted backend ships today.

Follow progress on GitHub

Why QAuth

Built to last, built to fit

No bloated dependency, no rigid flows, no expiration date. QAuth is designed to stay lightweight, adaptable, and secure for the long haul.

Lightweight

Unlike bloated identity platforms, self-host QAuth with a single docker compose up. Protecting an MCP server? Drop in @qauth-labs/mcp-guard — one integration path among several.

Fully Customizable

No rigid flows or pre-built components. Build your login experience in React, Vue, or Vanilla.

Built for the Long Haul

Crypto-agile by design today, with ML-DSA-65 post-quantum hybrid signing targeted for 2027. Your integration stays stable as cryptography evolves.

Join the Revolution

QAuth is open-source and self-hostable today. Want a hosted, zero-DevOps version? Join the list for early access when Auth as a Service ships.

No spam. Unsubscribe anytime.

Ready to ship?

Stop maintaining auth. Self-host OAuth 2.1 for humans, services, and AI agents — audience-bound tokens, on-behalf-of delegation, and a crypto-agile core, from day one.