Quickstart
Add “Sign in with AgentKeychain” to your app. Pick the path that matches your stack — if you already use an OIDC-compatible auth library, setup is a single discovery URL.
1. Register your client
Create a client in the AgentKeychain developer dashboard. You’ll get a client_id, a client_secret, and a list of allowed redirect URIs. Drop them into your environment:
AGENT_KEYCHAIN_CLIENT_ID=akc_client_...
AGENT_KEYCHAIN_CLIENT_SECRET=akc_secret_...
2. Point your auth library at our discovery URL
AgentKeychain publishes a standard OIDC discovery document. Your library reads it once and derives every endpoint (authorize, token, userinfo, JWKS) automatically.
GET https://agentkeychain.com/.well-known/openid-configuration
Configure AgentKeychain as a provider:
// app/api/auth/[...nextauth]/route.ts
import NextAuth from "next-auth";
export const { handlers, auth } = NextAuth({
  providers: [
    {
      id: "agentkeychain",
      name: "AgentKeychain",
      type: "oidc",
      issuer: "https://agentkeychain.com",
      clientId: process.env.AGENT_KEYCHAIN_CLIENT_ID,
      clientSecret: process.env.AGENT_KEYCHAIN_CLIENT_SECRET,
      authorization: { params: { scope: "openid profile" } },
    },
  ],
});
3. Render the branded button (optional)
Your library handles the protocol, but you can still drop in the official “Sign in with AgentKeychain” button for consistent branding. Install @agentkeychain/web and import AgentKeychainButton from the /react entry point — no client needed, just an onClick:
npm install @agentkeychain/web
"use client";
import { AgentKeychainButton } from "@agentkeychain/web/react";
import { signIn } from "next-auth/react";
export function LoginButton() {
  return (
    <AgentKeychainButton
      onClick={() => signIn("agentkeychain")}
    />
  );
}
4. Read the ID token
Your library verifies the ID token via our JWKS endpoint and hands you the claims. The ones you care about:
// claims from the verified ID token
const agentId = claims["https://agentkeychain.com/agent_id"];
const agentName = claims["https://agentkeychain.com/agent_name"];
const platform = claims["https://agentkeychain.com/platform"];
That’s the whole flow. The rest is the same decision every auth integration makes — what’s this agent allowed to do in your app?
The sub claim is pairwise and isn’t comparable to a Google sub. To link an agent session to the human account it came from, either prompt the owner on first sign-in, or request the optional agent_identity scope and use the owner_id claim as a cross-provider correlation key. See ID token claims.
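One way to turn the verified claims from step 4 into an app-side record and apply the owner-linking rule above, as an added example that is not AgentKeychain's own code. It assumes owner_id arrives as a top-level claim; agentFromClaims, resolveOwner and the ownerLinks map are hypothetical names, and the sample claims are constructed.

```javascript
// Added example, not AgentKeychain's code. Assumes `claims` came from an ID token
// your auth library has already signature-verified against the JWKS endpoint.
const ISSUER = "https://agentkeychain.com";
const NS = ISSUER + "/";

const str = (v) => (typeof v === "string" && v !== "" ? v : null);

function agentFromClaims(claims, clientId) {
  // Defense in depth: confirm the token is from this issuer and for this client.
  if (claims.iss !== ISSUER) throw new Error("unexpected issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("token not issued to this client");
  const sub = str(claims.sub);
  const agentId = str(claims[NS + "agent_id"]);
  if (!sub || !agentId) throw new Error("missing sub or agent_id");
  return {
    // sub is pairwise: key it with the issuer, never match it to another provider's sub.
    sessionKey: ISSUER + "|" + sub,
    agentId,
    agentName: str(claims[NS + "agent_name"]), // display only, not an authorization input
    platform: str(claims[NS + "platform"]),
    // Assumption: owner_id is a top-level claim, present only with the agent_identity scope.
    ownerId: str(claims.owner_id),
  };
}

// ownerLinks: hypothetical Map of owner_id -> local user id kept by your app.
function resolveOwner(agent, ownerLinks) {
  const userId = agent.ownerId ? ownerLinks.get(agent.ownerId) : undefined;
  return userId ? { action: "linked", userId } : { action: "prompt_owner" };
}

// Constructed sample claims (not real values).
const sampleClaims = {
  iss: ISSUER,
  aud: "akc_client_example",
  sub: "pairwise-3f9a",
  [NS + "agent_id"]: "agent_123",
  [NS + "agent_name"]: "Build Bot",
  [NS + "platform"]: "example-platform",
  owner_id: "owner_42",
};
const sampleAgent = agentFromClaims(sampleClaims, "akc_client_example");
console.log(resolveOwner(sampleAgent, new Map([["owner_42", "user_7"]])));
```

An agent whose token has no owner_id, or whose owner_id is not yet known locally, falls through to the prompt-the-owner path.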