Skip to main content
Grantex is built on top of OAuth 2.0 — not as a replacement, but as a purpose-built authorization layer for AI agents. This page explains the key differences and when each approach is the right fit.

Side-by-Side Comparison

When to Use OAuth 2.0

OAuth 2.0 is the right choice when:
  • You are building human-facing login flows (social login, SSO)
  • Your application follows the traditional client → resource server model
  • You need broad ecosystem compatibility with existing OAuth providers (Google, GitHub, Okta)
  • Agents are not part of your authorization model
Grantex does not replace your identity provider. Use OAuth 2.0 / OIDC for authenticating humans, and Grantex for authorizing what agents can do on their behalf.

When to Use Grantex

Grantex is the right choice when:
  • AI agents act on behalf of users and need verifiable, revocable permissions
  • Agents delegate to sub-agents and you need to track the delegation chain
  • You need a tamper-evident audit trail of every action agents take
  • Compliance requirements (SOC 2, HIPAA, GDPR) demand structured evidence of agent activity
  • Users need to review and revoke agent permissions through a self-service dashboard
  • You want local signature and claim verification without hitting a token introspection endpoint; JWKS retrieval and caching remain deployment concerns

Using Both Together

A common architecture is:
  1. OAuth 2.0 / OIDC handles user authentication (login with Google, Okta, etc.)
  2. Grantex handles agent authorization (what the agent can do, audit trail, revocation)
The Grantex principalId maps to your user’s identity from the OAuth provider. Your app initiates a Grantex authorization request, the user consents, and the agent receives a grant token scoped to exactly what it needs.

Further Reading

Last modified on July 11, 2026