Welcome to the Identity Service repository
AGNTCY Identity Service serves as the central hub for managing and verifying digital identities for your Agentic Services. In today's interconnected digital landscape, secure and reliable identity management is paramount. AGNTCY Identity Service addresses this need by providing a streamlined service to:
- Verify the authenticity of existing identity badges.
- Register new Agentic Services, establishing their unique identities.
- Define TBAC (Task-Based Access Control) policies to govern access and permissions.
Whether you are integrating existing services or deploying new ones, AGNTCY Identity Service ensures that all your components—including MCP Servers, A2A Agents, and OASF—are properly identified, managed and secured.
- 🌟 Main Components.
- ⚡️ Get Started in 5 Minutes.
You can also:
- 📦 Check out the Sample Agents and MCP servers.
- 🌐 Sign up for our hosted SaaS Identity Service to try our features.
- 📘 Explore our full Documentation to understand our platform's capabilities.
- 📝 See a full video Walkthrough of the Identity Service.
- Backend: Core identity management service.
- Frontend: Web interface for user interactions.
- SDKs: Libraries for various programming languages to interact with the Identity Service.
- Docs: Comprehensive documentation for users and developers.
- Samples: Example agents and MCP servers to demonstrate integration.
This short guide shows you how to set up the Identity Service Frontend as well as the Identity Service Backend.
To run these steps successfully, you need to have the following installed:
- Docker Desktop, or have both: Docker Engine v27 or higher and Docker Compose v2.35 or higher
- Set up an OIDC provider
  - Create an OIDC application in your OIDC provider.
    You can use any OIDC provider of your choice. For testing purposes, you can use Ory, Keycloak or Auth0. Configure the following variables in your shell environment:

        export OIDC_ISSUER_URL=<OIDC_ISSUER_URL>
        export OIDC_CLIENT_ID=<OIDC_CLIENT_ID>
        export OIDC_LOGIN_URL=<OIDC_LOGIN_URL>
        export OIDC_CLIENT_ID_CLAIM_NAME=<OIDC_CLIENT_ID_CLAIM_NAME>

    where:
    - OIDC_ISSUER_URL - The URL of your OIDC provider (e.g., https://{INSTANCE_URL}/oauth2/{CLIENT_ID}/.well-known/openid-configuration).
    - OIDC_CLIENT_ID - The client ID you created in your OIDC provider.
    - OIDC_LOGIN_URL - The login URL of your OIDC provider (e.g., https://{INSTANCE_URL}/oauth2/{CLIENT_ID}/authorize).
    - OIDC_CLIENT_ID_CLAIM_NAME - The claim name in the Access token that contains the client ID (default: cid).

    📝 NOTE Make sure to add http://localhost:5500 as a redirect URI for your OIDC client.
  - Or use our demo script to set up a local OIDC provider using Ory Hydra:

        . ./demo/scripts/setup_hydra_oidc

    This will set up a local OIDC provider using Ory and configure the necessary environment variables in your shell.
- Start the Frontend and the Backend with Docker:

      ./deployments/scripts/launch.sh

  Or use make if available locally:

      make start

  📝 NOTE You can also install the Backend and the Frontend using our Helm charts.
- Access the Frontend UI and the Backend APIs:
  - The Backend APIs will be available at: http://localhost:4000 for REST and http://localhost:4001 for gRPC.
  - The Frontend UI will be available at: http://localhost:5500.
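A preflight check for the OIDC variables from the setup step above, added here as an example (it is not part of the Identity Service code base). It assumes your provider issues JWT access tokens; the function names and the sample token are constructed for illustration.

```python
import base64
import json

def decode_claims(token):
    """Decode a JWT payload WITHOUT verifying its signature (config check only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("access token is not a three-part JWT (opaque token?)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def preflight(env, access_token):
    """Return a list of problems with the OIDC settings; an empty list means OK."""
    problems = []
    for name in ("OIDC_ISSUER_URL", "OIDC_CLIENT_ID", "OIDC_LOGIN_URL"):
        value = env.get(name, "")
        if not value or value.startswith("<"):
            problems.append(f"{name} is unset or still a placeholder")
    claim = env.get("OIDC_CLIENT_ID_CLAIM_NAME") or "cid"  # default stated in the README
    try:
        claims = decode_claims(access_token)
    except ValueError as exc:  # also covers bad base64 and bad JSON
        return problems + [str(exc)]
    client_id = env.get("OIDC_CLIENT_ID")
    if claim not in claims:
        holders = sorted(k for k, v in claims.items() if v == client_id)
        hint = f"; client ID found under: {holders}" if holders else ""
        problems.append(f"access token has no '{claim}' claim{hint}")
    elif claims[claim] != client_id:
        problems.append(f"claim '{claim}' does not match OIDC_CLIENT_ID")
    return problems

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: a token whose client ID lives in "client_id", not "cid".
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"iss": "https://idp.example", "client_id": "demo-client"}),
    "c2lnbmF0dXJl",  # placeholder signature, never checked here
])
SAMPLE_ENV = {
    "OIDC_ISSUER_URL": "https://idp.example",
    "OIDC_CLIENT_ID": "demo-client",
    "OIDC_LOGIN_URL": "https://idp.example/oauth2/authorize",
}

if __name__ == "__main__":
    print(preflight(SAMPLE_ENV, SAMPLE_TOKEN))
```

To check a real setup, call `preflight(dict(os.environ), token)` with an access token obtained from your provider. The decoded claims are only inspected for configuration errors and must not be trusted for authorization, since the signature is not verified.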
For more detailed development instructions please refer to the following sections:
See the open issues for a list of proposed features (and known issues).
See the AGNTCY Calendar for the next Identity WG sessions. Join the Identity WG here: Slack Invitation.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated. For detailed contributing guidelines, please see CONTRIBUTING.md.
Distributed under Apache 2.0 License. See LICENSE for more information. Copyright AGNTCY Contributors (https://github.com/agntcy).
