Skip to main content

Three Primitives

Grantex introduces three primitives for agent authorization:

Agent Identity

Every agent registered with Grantex receives a cryptographic DID (Decentralized Identifier). This identity is embedded in every grant token the agent receives, allowing any service to verify which agent is acting.

Delegated Grant

A delegated grant is a human-approved, scoped, time-limited permission token. The user sees a plain-language consent UI describing exactly what the agent can do. Once approved, Grantex issues an RS256-signed JWT — the grant token — that the agent presents to services.

Audit Trail

Every action taken by an authorized agent is logged to an append-only, hash-chained audit trail. Each entry references the previous entry’s hash, creating a tamper-evident chain that can be verified independently.

The Authorization Flow

Step by step

  1. Register — The developer registers their agent with Grantex, declaring a name, description, and the scopes (permissions) the agent needs.
  2. Authorize — When the agent needs to act on behalf of a user, it initiates an authorization request. The user is redirected to a consent UI showing exactly what permissions are being requested.
  3. Approve — The user reviews the scopes in plain language and approves (or denies). On approval, Grantex returns an authorization code to your redirect URI.
  4. Exchange — Your application exchanges the authorization code for a signed grant token (RS256 JWT). This token contains the user’s identity, the agent’s DID, granted scopes, and expiry.
  5. Verify — Any service receiving the grant token can verify it offline using the published JWKS endpoint. No Grantex account or API call needed — just fetch the public keys.
  6. Audit — As the agent takes actions, each one is logged to the audit trail with the agent ID, grant ID, action name, and outcome.
  7. Revoke — The user can revoke any grant at any time. Revocation is effective immediately — the token is blocklisted in Redis and subsequent verification calls reject it.

Why an Open Standard?

  • Model-neutral — Works with OpenAI, Anthropic, Google, Llama, Mistral. No single AI provider can credibly own the authorization layer for their competitors’ agents.
  • Framework-native — First-class integrations for LangChain, AutoGen, CrewAI, Vercel AI, and more.
  • Locally verifiable — Services verify signatures and claims with published JWKS keys, without a per-token call to the Grantex verification API. The JWKS endpoint must remain reachable whenever a verifier needs current keys.
  • Compliance-supporting controls — Audit, scope, consent, and revocation features can provide evidence for applicable frameworks. They do not by themselves determine legal compliance or a system’s risk classification.
Last modified on July 11, 2026