Agent-native setup plane
Let maintenance agents request access without handling the dashboard.
Identity gives agents a documented path to discover resource services, open the required access request, mint an org-scoped API key, and exchange that key for short-lived OIDC JWTs.
Agent setup request
org=acme, service=agentier-dashboard
Discover
list_targets: Find requestable resource services and their published scopes.
Ask
request_service_access: Create the auditable service-access approval row first.
Mint
request_api_key: Issue the setup key only after the access request is approved.
Exchange
/oauth/token: Trade the setup key for 15-minute JWTs at runtime.
One setup credential, short runtime tokens.
API keys are the durable approval outcome for a specific org and authorized resource set. Resource services receive JWTs with one audience per token, so authorization remains local and explicit.
Approval creates org-scoped service access, not a bearer credential.
API keys stay at setup boundaries and can be revoked without changing resource services.
Short-lived JWTs carry aud, azp, org, scope, and service_request_id claims.
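How a resource service might enforce these claims locally, as an added example that is not code from Identity. It assumes the JWT signature was already verified against the issuer's keys, that scope is a space-delimited string, and that exp and iat are present as numeric timestamps; the scope names, azp value and request id in the sample are constructed.

```python
import time

MAX_LIFETIME = 15 * 60  # the page states 15-minute JWTs
REQUIRED = ("aud", "azp", "org", "scope", "service_request_id", "exp", "iat")

# Constructed sample claims (values are illustrative, not real identifiers).
SAMPLE = {
    "aud": "agentier-dashboard", "azp": "agent-setup-key", "org": "acme",
    "scope": "dashboard:read dashboard:write",
    "service_request_id": "sr_example_001",
    "iat": 1_700_000_000, "exp": 1_700_000_900,
}

def authorize(claims, *, service, org, needed_scope, now=None, leeway=30):
    """Return (allowed, reason) for claims from a signature-verified JWT."""
    now = time.time() if now is None else now
    missing = [c for c in REQUIRED if claims.get(c) in (None, "", [])]
    if missing:
        return False, "missing claims: " + ",".join(missing)
    aud = claims["aud"]
    # One audience per token: accept a string or a single-element list only.
    if isinstance(aud, list):
        if len(aud) != 1:
            return False, "multiple audiences"
        aud = aud[0]
    if aud != service:
        return False, "audience mismatch"
    if claims["org"] != org:
        return False, "org mismatch"
    exp, iat = claims["exp"], claims["iat"]
    if any(isinstance(v, bool) or not isinstance(v, (int, float)) for v in (exp, iat)):
        return False, "non-numeric exp/iat"
    if now > exp + leeway:
        return False, "expired"
    if iat > now + leeway:
        return False, "issued in the future"
    # Reject tokens minted with a longer lifetime than the documented 15 minutes.
    if exp - iat > MAX_LIFETIME:
        return False, "lifetime exceeds 15 minutes"
    scope = claims["scope"]
    granted = scope.split() if isinstance(scope, str) else []
    if needed_scope not in granted:
        return False, "scope not granted"
    return True, "ok"

if __name__ == "__main__":
    print(authorize(SAMPLE, service="agentier-dashboard", org="acme",
                    needed_scope="dashboard:read", now=1_700_000_100))
```

Logging service_request_id alongside each decision ties a runtime call back to the approval row that authorized it.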
MCP tools expose the setup workflow.
Agents can use the same approval language humans see in the dashboard. Failed API-key requests include a corrective hint to call request_service_access first.
{
  "mcpServers": {
    "identity": {
      "url": "https://identity.1above.ai/mcp",
      "headers": {
        "Authorization": "Bearer <user-or-bootstrap-token>"
      }
    }
  }
}