by mcnamtm1
133 days ago
Good question. To clarify: the app still has its own internal auth logic — we're not bypassing that. The encrypted lane handles connection isolation (who can reach the app), while the app still handles identity (who the user is).

For agent-to-app communication specifically, the pattern we use:

1. Agent passes a short-lived token in the request payload (not URL)
2. App validates the token against its local auth store
3. The encrypted lane ensures no one else can intercept/replay that token

Let me clarify. I am not suggesting disabling authentication inside the app. I am suggesting a solution is to layer the network isolation + application auth. The secure application layer channel just removes the OAuth redirect dance for machine-to-machine flows. For human access, you'd still need SSO. But once the human is authenticated, the services authenticate to one another (machine-to-machine) also at the application layer (not layers 3/4).

Does that make sense for your use case, or are you looking for something that works with human SSO flows too?
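
An added sketch of steps 1 and 2 of the pattern in the comment above, not code from the commenter or their product: the app accepts a short-lived token only from the JSON request body and checks it against a local store. `LocalAuthStore`, `authenticate_request`, the `token` field name and the example URL are all hypothetical, and the encrypted lane of step 3 is assumed to sit outside this code.

```python
import hashlib
import json
import secrets
import time
from urllib.parse import parse_qs, urlsplit


class LocalAuthStore:
    """Hypothetical app-local store: SHA-256(token) -> (agent_id, expiry)."""

    def __init__(self):
        self._tokens = {}

    def issue(self, agent_id, ttl=60, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # Only the digest is kept, so a dump of the store yields no usable tokens.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._tokens[digest] = (agent_id, now + ttl)
        return token

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._tokens.get(digest)
        if entry is None:
            return None
        agent_id, expiry = entry
        if now >= expiry:
            del self._tokens[digest]  # expired tokens are purged on first use
            return None
        return agent_id


def authenticate_request(store, url, body, now=None):
    """Return the agent id for a valid request, or None to reject it."""
    # A token in the URL ends up in access logs and proxies; refuse it outright.
    if "token" in parse_qs(urlsplit(url).query):
        return None
    try:
        payload = json.loads(body)
    except ValueError:
        return None
    token = payload.get("token") if isinstance(payload, dict) else None
    if not isinstance(token, str):
        return None
    return store.validate(token, now=now)
```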