OAuth 2.0
Most secure and widely supported
User-delegated authentication with automatic token refresh and granular permissions.
Best for: Google, Microsoft, Slack, GitHub
Authentication Methods Comparison
Compare different authentication methods supported by Agent Auth including OAuth 2.0, API Keys, Bearer Tokens, and Custom JWT to choose the right approach.
Agent Auth supports multiple authentication methods to connect with third-party providers. This guide helps you understand the differences and choose the right authentication method for your use case.
Authentication methods overview
Section titled “Authentication methods overview”API Keys
Simple static credentials
Provider-issued keys for straightforward server-to-server authentication.
Best for: Jira, Asana, Linear, Airtable
Bearer Tokens
User-generated tokens
Personal access tokens with scoped permissions for individual use.
Best for: GitHub PATs, GitLab tokens
Custom JWT
Advanced signed tokens
Cryptographically signed tokens for service accounts and custom protocols.
Best for: Custom integrations, service accounts
Comparison matrix
Section titled “Comparison matrix”| Feature | OAuth 2.0 | API Keys | Bearer Tokens | Custom JWT |
|---|---|---|---|---|
| Security Level | High | Medium | Medium | High |
| User Interaction | Required | Optional | Required | Not required |
| Token Refresh | Automatic | N/A | Manual | Varies |
| Setup Complexity | Moderate | Easy | Easy | Complex |
| Granular Permissions | Yes | Limited | Yes | Limited |
| Provider Support | Widespread | Common | Common | Limited |
When to use each method
Section titled “When to use each method”OAuth 2.0
Section titled “OAuth 2.0”Use when:
- Provider supports OAuth
- Acting on behalf of users
- Need automatic token refresh
- Require granular permissions
- Building user-facing applications
Example: User connects Gmail to send emails through your app
API Keys
Section titled “API Keys”Use when:
- Provider only supports API keys
- Building internal tools
- Server-to-server communication
- Simplicity is priority
Example: Automated Jira ticket creation for support system
Bearer Tokens
Section titled “Bearer Tokens”Use when:
- Personal access is sufficient
- Building developer tools
- OAuth unavailable
- User prefers manual control
Example: Personal GitHub repository automation
Custom JWT
Section titled “Custom JWT”Use when:
- Provider requires JWT
- Service account access needed
- Custom authentication protocol
- Advanced security requirements
Example: Enterprise service account integrations
Next steps
Section titled “Next steps”- Providers - Available third-party providers
- Connections - Configure provider connections
- Authorization Methods - Detailed authentication implementation