I’ve been building agents with the OpenAI Agents SDK and kept hitting the same
authorization problem: when an agent acts on behalf of a user (reads files, sends
emails, makes purchases), how do you control what it’s actually allowed to do?
Most of us just pass API keys or hardcode credentials. The agent gets full access
to everything. No scoping, no user consent, no audit trail, no way to revoke one
agent without rotating keys for all of them.
I built Grantex to solve this — it’s an open authorization protocol (Apache 2.0)
designed specifically for AI agents. There’s a native OpenAI Agents SDK integration:
```
pip install grantex-openai-agents
```
What it gives you:
- User consents to specific scopes for a specific agent (e.g. calendar:read, email:send)
- Agent gets a signed JWT — time-limited, revocable, offline-verifiable via JWKS
- Delegation chains — Agent A can delegate to Agent B with narrower scopes
- Budget controls — hard spending limits per agent, 402 if exceeded
- Full audit trail of every action
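To make the token model in the list above concrete, here is an added illustration that is not Grantex's own code and does not use its API: a minimal signed grant carrying user, agent, scopes, expiry and a grant id; offline verification that also honours a revocation list; delegation that can only narrow scopes and cannot outlive the parent grant; and a tool-call gate that checks for the required scope. The key, agent names and scope strings are constructed for the demo, and HS256 is used only so the block runs on the standard library; the protocol as described publishes public keys via JWKS so verifiers never hold signing material.

```python
"""Added illustration (not Grantex's own code): a minimal signed-grant model with
scoped, time-limited, revocable tokens and scope-narrowing delegation."""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. A real deployment signs with an asymmetric key and
# publishes the public half via JWKS; HS256 is used here only so the example
# runs on the standard library alone.
DEMO_KEY = b"constructed-demo-key-do-not-reuse"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_grant(key, agent, user, scopes, ttl, jti, parent=None, now=None):
    """Issue a grant: which user consented, to which agent, for which scopes, until when."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user, "agent": agent, "scope": sorted(set(scopes)),
              "iat": now, "exp": now + ttl, "jti": jti}
    if parent is not None:
        claims["parent"] = parent  # jti of the grant this one was delegated from
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_grant(key, token, revoked, now=None):
    """Offline check: signature, pinned alg, expiry, then revocation of the grant
    itself or of the grant it was delegated from (one-level cascade)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    signing_input = parts[0] + "." + parts[1]
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the token never chooses the algorithm
    claims = json.loads(_b64url_decode(parts[1]))
    if claims["exp"] <= now:
        raise ValueError("expired")
    if claims["jti"] in revoked or claims.get("parent") in revoked:
        raise ValueError("revoked")
    return claims


def delegate(key, parent_token, child_agent, scopes, ttl, jti, revoked, now=None):
    """Agent A hands Agent B a narrower grant: scopes must be a subset of the
    parent's and the child cannot outlive the parent."""
    now = int(time.time()) if now is None else now
    parent = verify_grant(key, parent_token, revoked, now)
    if not set(scopes) <= set(parent["scope"]):
        raise PermissionError("delegation may only narrow scopes")
    ttl = min(ttl, parent["exp"] - now)
    return mint_grant(key, child_agent, parent["sub"], scopes, ttl, jti,
                      parent=parent["jti"], now=now)


def authorize_tool_call(key, token, required_scope, revoked, now=None):
    """Gate one tool invocation: True only for a valid grant carrying the scope."""
    try:
        claims = verify_grant(key, token, revoked, now)
    except ValueError:
        return False
    return required_scope in claims["scope"]


def demo(now=1_700_000_000):
    """Walk through consent, delegation, a blocked widening attempt, revocation and expiry."""
    revoked = set()
    parent = mint_grant(DEMO_KEY, "assistant", "alice",
                        ["calendar:read", "email:send"], 3600, "g-1", now=now)
    child = delegate(DEMO_KEY, parent, "scheduler", ["calendar:read"], 7200, "g-2", revoked, now=now)
    results = {
        "child_can_read_calendar": authorize_tool_call(DEMO_KEY, child, "calendar:read", revoked, now),
        "child_can_send_email": authorize_tool_call(DEMO_KEY, child, "email:send", revoked, now),
        "child_expires_with_parent": verify_grant(DEMO_KEY, child, revoked, now)["exp"] == now + 3600,
    }
    try:
        delegate(DEMO_KEY, parent, "rogue", ["files:write"], 60, "g-3", revoked, now=now)
        results["widening_blocked"] = False
    except PermissionError:
        results["widening_blocked"] = True
    revoked.add("g-1")  # revoke the parent grant; its delegate dies with it
    results["child_revoked_with_parent"] = authorize_tool_call(DEMO_KEY, child, "calendar:read", revoked, now)
    results["parent_rejected_after_expiry"] = authorize_tool_call(DEMO_KEY, parent, "email:send", set(), now + 3600)
    return results


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from the walk-through is the shape of the checks, not the toy signing: every tool call is gated on a scope the user actually consented to, a delegated grant can only shrink, and revoking one grant id takes down that agent (and what it delegated) without touching any other agent's credentials or rotating a shared API key.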
Quick example with the Agents SDK:
```python
from grantex_openai_agents import GrantexTool
from agents import Agent

agent = Agent(
    name="assistant",
    tools=[GrantexTool(scopes=["calendar:read", "email:send"])],
)
```
The protocol has an IETF Internet-Draft submitted to the OAuth Working Group,
NIST NCCoE filing, and SOC 2 Type I certification.
Also has integrations for LangChain, CrewAI, Google ADK, Vercel AI, AutoGen,
Express.js, FastAPI, MCP, and Terraform. TypeScript, Python, and Go SDKs.
GitHub: mishrasanjeev/grantex (grantex is the identity, authorization, and audit infrastructure for AI agents, the "OAuth moment" for the agentic internet: a universal SDK and cloud service that lets any AI agent act on behalf of a human with scoped, revocable permissions, cryptographic identity, and an immutable audit trail)
Docs: https://docs.grantex.dev
Playground: Grantex Playground (try AI agent authorization live)
Curious how others here are handling agent authorization — are you rolling your
own, or just living with API keys?