Authorization Server Template — Architecture (agents)
Agent intent
Treat this host as critical-path for authentication. Changes to endpoints, client registration, or signing require Security and Ops awareness.
Canonical: Architecture — public
Responsibility split
| Responsibility | Owner |
|---|---|
| Token / client / JWKS | Authorization Server |
| User password hash / profile | Identity Backend |
| Validate JWT at edge | API Gateway (often) |
Trust
Resource servers must trust the issuer and its signing keys (JWKS). Agents generating new APIs should wire authentication middleware to the same authority documented in the platform runbooks.