Authentication

The current host includes the following authentication providers:

  • LocalUserId
  • Jwt
  • AzureAd

If Portal:RequireAuthentication is true and no provider is active, startup fails fast.

LocalUserId is the development-friendly mode. It identifies callers through:

  • X-AC-UserId
  • clientId
  • ac-client-id

JWT and Azure AD both support bearer token auth for normal HTTP requests and access_token handling on hub requests.
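
The hub-side access_token handling described above, sketched as an added example that is not the project's own code. It assumes an ASP.NET Core host with SignalR hubs (the page does not name the framework); the /hubs path prefix, the PortalHub class, the /api/ping route and the Authority and Audience values are hypothetical placeholders. The query-string token is honored only on hub paths, so normal HTTP requests must still present an Authorization: Bearer header.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.SignalR;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://login.example.test/"; // placeholder issuer
        options.Audience = "portal-api";                   // placeholder audience

        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                // Browser WebSocket and SSE clients cannot set an Authorization
                // header, so SignalR sends the token as ?access_token=...
                var accessToken = context.Request.Query["access_token"];
                var path = context.HttpContext.Request.Path;

                // Accept the query-string token on hub endpoints only. Query
                // strings tend to end up in access logs, so other routes keep
                // requiring the Authorization header.
                if (!string.IsNullOrEmpty(accessToken) &&
                    path.StartsWithSegments("/hubs")) // hypothetical hub prefix
                {
                    context.Token = accessToken;
                }
                return Task.CompletedTask;
            }
        };
    });

builder.Services.AddAuthorization();
builder.Services.AddSignalR();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/api/ping", () => "ok").RequireAuthorization();   // header-only route
app.MapHub<PortalHub>("/hubs/portal").RequireAuthorization(); // header or access_token
app.Run();

// Hypothetical hub used only to give MapHub a target.
class PortalHub : Hub { }
```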

/api/auth/config returns public auth metadata including:

  • scheme
  • hubAuthMode
  • toolScopedTokens

The current runtime still permits anonymous access for a few surfaces such as:

  • auth configuration
  • A2A discovery
  • SPA fallback routes
  • session-surface file serving