Agent Intent Authorization with Passkey-Backed Approval

Agent Intent Authorization introduces a plan-before-execute security layer for agentic systems. The agent surfaces its full execution plan before any action is taken. The user reviews and approves the intent with a Passkey, one cryptographic gesture that binds every action to the declared scope. If an action was not in the approved intent, it does not execute.

The Framework

Agent Intent Authorization

A new authorization layer for agentic systems built on open standards and TwoGenIdentity agentic frameworks. Before the agent does anything, it declares its full plan. The user reviews it, approves it with a single Passkey gesture, and a cryptographically bound token is issued. Every subsequent action is verified against that signed intent. The agent operates only within the approved scope, nothing more.

How It Works

Plan. Approve. Execute.

Intent Authorization enforces a strict plan-before-execute contract. The agent cannot act on anything the user has not explicitly reviewed and signed. Every step maps to a verifiable cryptographic boundary.

  1. User Describes the Task

     The user asks the agent to perform a set of operations, in natural language, inside any AI assistant or CLI tool.

  2. Agent Generates an Execution Plan

     Before taking any action, the agent surfaces its full list of intended operations: what actions, on what resources, in what locations.

  3. User Reviews the Intent

     The plan is presented inline, no browser redirect, no context switch. The user sees exactly what the agent intends to do and can cancel at any point.

  4. User Approves with a Passkey

     A single device-bound Passkey gesture cryptographically binds approval to the declared plan. One authentication, regardless of how many operations are in scope.

  5. Agent Executes Within Approved Scope Only

     Every action is verified against the signed intent. Anything outside the approved scope does not execute. The agent operates within cryptographically enforced boundaries.

Execution Plan

3 actions approved and bound to signed intent:

disable_user · user: alice · urn:twogenidentity:mcp
revoke_sessions · user: alice · urn:twogenidentity:mcp
audit_log_export · resource: logs/2025-05 · urn:twogenidentity:mcp

Passkey approved · scope-bound token issued

3 actions authorized · out-of-scope actions blocked
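
The per-action check described in step 5, applied to the three sample actions above, as an added example that is not TwoGenIdentity's code. The page does not specify the token format, so the claim layout, the field names (`action`, `target`, `aud`, `exp`) and the HMAC-SHA256 signature standing in for the Passkey-backed token signature are all assumptions.

```python
import hashlib, hmac, json, time

# Constructed demo key: stands in for the issuer's signing key. The page does
# not specify the token format; HMAC-SHA256 is a stand-in for the signature.
ISSUER_KEY = b"demo-only-key-not-for-production"

# The three actions from the page's sample execution plan.
PLAN = [
    {"action": "disable_user", "target": "user: alice", "aud": "urn:twogenidentity:mcp"},
    {"action": "revoke_sessions", "target": "user: alice", "aud": "urn:twogenidentity:mcp"},
    {"action": "audit_log_export", "target": "resource: logs/2025-05", "aud": "urn:twogenidentity:mcp"},
]

def canonical(obj):
    """Deterministic bytes so signer and verifier hash the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_intent_token(plan, ttl=300, now=None):
    """Called only after the user approved the plan (approval step not modelled)."""
    now = time.time() if now is None else now
    claims = {"actions": plan, "exp": int(now) + ttl}
    mac = hmac.new(ISSUER_KEY, canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "mac": mac}

def authorize(token, requested, now=None):
    """Return (allowed, reason) for one action the agent is about to run."""
    now = time.time() if now is None else now
    expected = hmac.new(ISSUER_KEY, canonical(token["claims"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("mac", "")):
        return False, "bad_signature"
    if now >= token["claims"]["exp"]:
        return False, "expired"
    # Exact match on action, target and audience: no prefixes, no wildcards.
    if canonical(requested) not in {canonical(a) for a in token["claims"]["actions"]}:
        return False, "out_of_scope"
    return True, "ok"

if __name__ == "__main__":
    token = issue_intent_token(PLAN)
    print(authorize(token, PLAN[0]))
    print(authorize(token, {**PLAN[0], "target": "user: bob"}))
```

The signature is checked before the scope list is read, so an action appended to the token after approval is rejected as a bad signature, not evaluated as scope.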

Live Demo

See Agent Intent Authorization in Action

Full end-to-end demo of an agent orchestrator with A2A, MCP, and MCP Apps. The agent surfaces its execution plan, the user approves it with a Passkey, and every action is cryptographically verified against the signed intent.

Agent Intent Authorization: Full Demo

Agent: Generates execution plan from user prompt
User: Reviews intent inline, no browser redirect
User: Approves with device-bound Passkey, one gesture
Done: Scope-bound token issued · agent executes within signed intent

Composable Authorization

Combine Authorization Layers for Your Security Posture

Each authorization layer is independent and composable, like Lego blocks. Activate the layers that match the risk level of the operation. You are not locked into a single model.

1. OAuth Security

   Standard access control via OAuth and OpenID Connect. The baseline for every agent operation.

2. Intent Authorization

   Pre-approve the full execution plan. Every action is cryptographically bound to the declared scope before the agent runs.

3. Just-In-Time Agent Native Authorization

   Runtime step-up authorization for sensitive actions, backed by Passkeys and Human-in-the-Loop.

Why Agent Intent Authorization

A security-first approach to agentic execution. Agents earn the right to act. They do not assume it.

Plan Before Execute

The agent cannot act until the full execution plan has been reviewed and explicitly approved. No silent or implicit actions.

Scope-Bound Cryptographic Proof

Every action is verified against a signed intent token. Anything outside the approved scope is blocked before execution.

Passkey-Backed Approval

A single device-bound Passkey gesture approves all planned actions. The approval is phishing-resistant, non-replayable, and tied to the user's registered identity.

No Browser Redirect

Intent review and Passkey approval happen inline inside any AI assistant or CLI agent. No context switch, no friction.

Built on Open Standards

Built on open standards and TwoGenIdentity agentic frameworks. Interoperable, portable, and free from vendor lock-in.

Composable by Design

Layer Intent Authorization on top of OAuth Security or combine it with Just-In-Time Authorization. Each layer is independent. Activate what your security posture requires.

Explore the Full Platform

Agent Intent Authorization is part of the TwoGenIdentity composable authorization stack. Explore the ANA framework for Just-In-Time runtime authorization, the IA+ IAM Platform that powers both, and the AuthZEN MCP Gateway that enforces policy at every agent request.