AI Agent Authenticator
The AI Agent Authenticator (AAAuth) is an application that enables delegated authentication between Gemini Enterprise and custom ADK or A2A agents.
Letting agents authenticate to MCP servers and APIs
When an agent needs to interact with an MCP server or access Google Cloud resources, it needs to authenticate. An agent can authenticate in two ways:
- The agent can use its attached service account or agent identity to authenticate.
  However, for Gemini Enterprise agents, this approach can be problematic: Gemini Enterprise agents operate in a close interaction loop with a user and tend to fit the notion of an assistant or interactive agent. As such, they act on behalf of a user, not on their own behalf.
  A Gemini Enterprise agent that uses a service account or agent identity to access resources is prone to falling victim to confused deputy attacks, in which a user tricks the agent into performing actions or accessing resources that the user themselves isn't authorized to access.
- The agent can use OAuth to request authorization from the Gemini Enterprise user to act on their behalf. This lets the agent access resources as the user.
  This approach, referred to as delegated authorization, helps prevent confused deputy attacks and is a better way for most Gemini Enterprise agents to authenticate.
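To make the difference concrete, here is a constructed, in-memory model of the two approaches above. It is an added example, not code from this page or from AAAuth: the resource server, its ACL, the principals (alice, hr-admin, agent-sa@example) and the document IDs are all made up, and nothing here touches Google Cloud. The point it shows is that a resource server can only authorize the principal it sees in the token, so an agent that always presents its own token turns every user into whoever the agent is.

```python
"""Added example (not code from the page or from AAAuth): an in-memory model of
the two authentication approaches. Resource server, ACL, principals and document
IDs are constructed for the example; no real service account or token is used."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Token:
    """Stand-in for a bearer token: only the authenticated principal matters here."""
    principal: str


class PermissionDenied(Exception):
    pass


class ResourceServer:
    """Stand-in for an MCP server or API. It authorizes each call against an ACL
    keyed by the token's principal, which is the only principal it can see."""

    def __init__(self, acl: dict[str, set[str]]):
        self._acl = acl  # resource id -> principals allowed to read it

    def read(self, token: Token, resource: str) -> str:
        if token.principal not in self._acl.get(resource, set()):
            raise PermissionDenied(f"{token.principal} may not read {resource}")
        return f"<contents of {resource}>"


class AgentUsingOwnIdentity:
    """Approach 1: every call carries the agent's service-account token, so the
    resource server authorizes the agent, never the user who asked."""

    def __init__(self, server: ResourceServer, service_account_token: Token):
        self._server = server
        self._sa = service_account_token

    def run(self, requesting_user: str, resource: str) -> str:
        # requesting_user is known to the agent but plays no part in authorization.
        return self._server.read(self._sa, resource)


class AgentUsingDelegatedAuthorization:
    """Approach 2: the agent forwards the token the user delegated to it, and
    fails closed if there is none instead of falling back to its own identity."""

    def __init__(self, server: ResourceServer):
        self._server = server

    def run(self, user_token: Optional[Token], resource: str) -> str:
        if user_token is None:
            raise PermissionDenied("no delegated user token; refusing to use ambient credentials")
        return self._server.read(user_token, resource)


def demo() -> dict[str, bool]:
    """Constructed scenario: alice may read the public doc but not the HR doc,
    while the agent's service account may read both. Returns, per request,
    whether the resource server allowed it."""
    server = ResourceServer({
        "doc-public": {"alice", "agent-sa@example"},
        "doc-hr-salaries": {"hr-admin", "agent-sa@example"},
    })
    deputy = AgentUsingOwnIdentity(server, Token("agent-sa@example"))
    delegated = AgentUsingDelegatedAuthorization(server)

    def allowed(call: Callable[[], str]) -> bool:
        try:
            call()
            return True
        except PermissionDenied:
            return False

    return {
        # Both agents can serve the request alice is entitled to make.
        "own_identity_public": allowed(lambda: deputy.run("alice", "doc-public")),
        "delegated_public": allowed(lambda: delegated.run(Token("alice"), "doc-public")),
        # Confused deputy: alice obtains the HR doc through the agent's own identity.
        "own_identity_hr": allowed(lambda: deputy.run("alice", "doc-hr-salaries")),
        # Delegated authorization: the resource server sees alice and denies her.
        "delegated_hr": allowed(lambda: delegated.run(Token("alice"), "doc-hr-salaries")),
        # A missing delegation is a refusal, not a silent fallback to the service account.
        "delegated_no_token": allowed(lambda: delegated.run(None, "doc-public")),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

The `delegated_no_token` case is the caveat worth keeping in mind when wiring a real agent: if the per-user token is absent (expired, never granted, stripped by a proxy), the tool must refuse rather than quietly pick up the service account that Cloud Run or ADK attaches by default, because that fallback reintroduces the confused deputy.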
Gemini Enterprise lets you implement the second approach by configuring agent authorization. Depending on your identity provider, agent authorization lets you implement the following scenarios:
| Scenario | Google identity | Workforce identity (Entra) | Workforce identity (other) |
|---|---|---|---|
| Access Google APIs on behalf of the user (requires an access token) | | | |
| Access other Cloud Run services (requires an ID token) | | | |
| Access other IAP-protected services (requires an ID token) | | | |
| Access Azure, M365 on behalf of the user (requires an access token) | | | |
AAAuth lets you implement delegated authorization for a number of additional scenarios:
| Scenario | Google identity | Workforce identity (Entra) | Workforce identity (other) |
|---|---|---|---|
| Access Google APIs on behalf of the user (requires an access token) | | Yes | Yes |
| Access other Cloud Run services (requires an ID token) | Yes | | |
| Access other IAP-protected services (requires an ID token) | Yes | | |
| Access Azure, M365 on behalf of the user (requires an access token) | | | |
Delegated authorization using AAAuth
AAAuth works by acting as an intermediary between Gemini Enterprise and your identity provider:
- When you set up agent authorization, you configure AAAuth as the identity provider.
- AAAuth redirects the user to your actual identity provider, which might be Google or an external identity such as Microsoft Entra.
- Before returning to Gemini Enterprise, AAAuth performs an additional token exchange to ensure that Gemini Enterprise receives the right token for the scenario you're implementing.

That way, AAAuth lets you implement delegated authorization for a number of additional scenarios:
- If you use Gemini Enterprise with workforce identity federation, you can use AAAuth to let users delegate their access to ADK and A2A agents so that agents can access resources on the users' behalf.
  In this scenario, AAAuth authenticates the user using your external identity provider, obtains an ID token, exchanges it for a federated access token by using workforce identity federation, and lets Gemini Enterprise forward the resulting access token to the agent.
- If you use Gemini Enterprise with Google authentication, you can use AAAuth to let users delegate their identity to ADK and A2A agents in a way that enables agents to make calls to IAP- and Cloud Run-hosted tool servers on users' behalf.
  In this scenario, AAAuth obtains a Google ID token for the user, and lets Gemini Enterprise forward the ID token to the agent.
Implementation
AAAuth is a stateless application that is designed for Cloud Run and implemented using ASP.NET Web API. The application exposes the following endpoints:
- OpenID provider metadata: Returns OpenID provider metadata that reflects your identity provider's metadata, but uses AAAuth's own authorization and token endpoints.
- OAuth authorization: Handles OAuth authorization requests by redirecting the user to your existing identity provider.
- OAuth token: Handles OAuth token requests by obtaining tokens from your external identity provider and, depending on the configuration, performing additional token exchanges before returning them to Gemini Enterprise.
AAAuth behaves like an OAuth identity provider, but doesn't issue tokens by itself -- it merely mediates between your identity provider and Gemini Enterprise.
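The following is an added example, not AAAuth's own code (which is ASP.NET): a pure-function sketch of the three endpoints above and of the two scenarios described under "Delegated authorization using AAAuth", so the token flow can be traced offline. Everything it assumes is invented for the example: the AAAuth base URL, a discovery document shaped like Microsoft Entra's, the workforce pool, provider and project identifiers, that AAAuth passes Gemini Enterprise's redirect_uri through to the upstream identity provider unchanged (which is what lets the application stay stateless), and that in the Google-identity scenario the ID token is returned in the access_token field so that Gemini Enterprise forwards it to the agent. The STS request body follows the sts.googleapis.com token-exchange parameters for workforce identity federation; confirm them against the current API reference before relying on them.

```python
"""Added example, not AAAuth's own code: a pure-function model of AAAuth's
three endpoints. All URLs, pool/provider/project names and tokens below are
constructed; the STS request shape is from the public token-exchange API."""
from __future__ import annotations

import json
from typing import Callable
from urllib.parse import urlencode

AAAUTH_BASE = "https://aaauth.example.run.app"  # assumption
WORKFORCE_POOL = "contoso-pool"                 # assumption
WORKFORCE_PROVIDER = "entra"                    # assumption
BILLING_PROJECT_NUMBER = "123456789012"         # assumption

# Constructed upstream discovery document (real shape, made-up values).
UPSTREAM_METADATA = {
    "issuer": "https://login.microsoftonline.com/contoso/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/contoso/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/contoso/oauth2/v2.0/token",
    "jwks_uri": "https://login.microsoftonline.com/contoso/discovery/v2.0/keys",
    "response_types_supported": ["code"],
}


def provider_metadata(upstream: dict, base_url: str = AAAUTH_BASE) -> dict:
    """Endpoint 1: reflect the upstream metadata (issuer, jwks_uri, ...) unchanged
    and replace only the two endpoints Gemini Enterprise must call via AAAuth."""
    md = dict(upstream)
    md["authorization_endpoint"] = f"{base_url}/authorize"
    md["token_endpoint"] = f"{base_url}/token"
    return md


def authorize_redirect(query: dict, upstream: dict = UPSTREAM_METADATA) -> str:
    """Endpoint 2: rebuild the authorization request for the upstream IdP. Only
    known parameters are copied; state and nonce pass through untouched so the
    CSRF and replay binding Gemini Enterprise created still holds."""
    params = {
        "response_type": "code",
        "client_id": query["client_id"],
        "redirect_uri": query["redirect_uri"],  # assumption: passed through unchanged
        "scope": query["scope"],
        "state": query["state"],
    }
    if "nonce" in query:
        params["nonce"] = query["nonce"]
    return f"{upstream['authorization_endpoint']}?{urlencode(params)}"


def sts_exchange_request(subject_id_token: str) -> dict:
    """Body to POST to https://sts.googleapis.com/v1/token to turn the external
    ID token into a federated Google access token (RFC 8693 token exchange)."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "audience": (f"//iam.googleapis.com/locations/global/workforcePools/"
                     f"{WORKFORCE_POOL}/providers/{WORKFORCE_PROVIDER}"),
        "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "subject_token": subject_id_token,
        "scope": "https://www.googleapis.com/auth/cloud-platform",
        "options": json.dumps({"userProject": BILLING_PROJECT_NUMBER}),  # quota/billing project
    }


def token_endpoint(scenario: str, upstream_tokens: dict, sts: Callable[[dict], dict]) -> dict:
    """Endpoint 3: upstream_tokens is the response from redeeming the code at the
    upstream token endpoint; sts performs the STS call (injected to run offline).
    Returns the token response that Gemini Enterprise receives."""
    if scenario == "workforce-identity-federation":
        # External ID token -> federated access token usable against Google APIs.
        federated = sts(sts_exchange_request(upstream_tokens["id_token"]))
        return {"access_token": federated["access_token"], "token_type": "Bearer",
                "expires_in": federated["expires_in"]}
    if scenario == "google-identity":
        # Hand the Google ID token through for IAP- and Cloud Run-hosted tool servers.
        return {"access_token": upstream_tokens["id_token"],  # assumption, see lead-in
                "id_token": upstream_tokens["id_token"], "token_type": "Bearer",
                "expires_in": upstream_tokens["expires_in"]}
    raise ValueError(f"unknown scenario {scenario!r}")


def fake_sts(body: dict) -> dict:
    """Offline stand-in for sts.googleapis.com that checks the request shape."""
    assert body["grant_type"] == "urn:ietf:params:oauth:grant-type:token-exchange"
    assert body["audience"].startswith("//iam.googleapis.com/locations/global/workforcePools/")
    return {"access_token": "ya29.federated-example", "token_type": "Bearer", "expires_in": 3600}


def trace() -> dict:
    """Walk one federated login end to end with constructed inputs."""
    redirect = authorize_redirect({
        "client_id": "gemini-enterprise-client", "redirect_uri": "https://ge.example/oauth/cb",
        "scope": "openid email", "state": "s3cr3t-state", "nonce": "n0nce",
    })
    upstream_tokens = {"id_token": "eyJ.constructed-entra-id-token", "expires_in": 3600}
    ge_tokens = token_endpoint("workforce-identity-federation", upstream_tokens, fake_sts)
    return {"metadata": provider_metadata(UPSTREAM_METADATA), "redirect": redirect,
            "gemini_enterprise_tokens": ge_tokens}


if __name__ == "__main__":
    print(json.dumps(trace(), indent=2))
```

Two things to check when reviewing a deployment of this shape: the metadata must keep the upstream `issuer` and `jwks_uri`, because the tokens Gemini Enterprise and the agent end up validating are still signed by the real identity provider or by Google, not by AAAuth; and the authorization endpoint must copy `state` (and `nonce`) through verbatim, since an intermediary that regenerates them silently breaks the CSRF and replay protection of the client behind it.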
What's next
Deploy AAAuth to Cloud Run by using Terraform.