The control plane for agentic AI.
Authentication, credential management, and governance for AI agents — self-hosted, cloud-hosted, or hybrid. Your infrastructure, your rules.
What's missing from agent infrastructure.
No Agent Identity
Agents share static API keys. There's no way to know which agent did what, no way to scope access per-agent, and no way to revoke one without breaking all of them.
Credentials Are Unmanaged
Tokens scattered across env files and config maps. Can't rotate without downtime. Can't audit who has access. Every leaked secret is a full compromise.
Regulated Industries Are Locked Out
Banks, hospitals, and defense contractors cannot route agent authorization through cloud services they don't control. Their only option today: don't deploy agents at all.
AuthPlane. The authorization server for MCP.
Open source under AGPL-3.0. One Go binary that deploys anywhere — from your laptop to a Kubernetes cluster. Implements the complete MCP authorization specification (2025-11-25), including full OAuth 2.1.
From solo developer to regulated enterprise.
Solo Developer
Local SQLite. Zero setup. Full OAuth 2.1 in 5 minutes. No cloud account, no subscription.
docker run -p 8080:8080 authplane/authserver
Platform Team
PostgreSQL HA. OIDC federation to your IdP. Token Vault manages GitHub, Slack, Linear credentials per-user.
Regulated Enterprise
Air-gapped. Vault Transit encryption. Unified audit trail. The only self-hosted MCP control plane for finance, healthcare, and defense.
Where AuthPlane sits in your architecture.
One self-hosted control plane for MCP authorization.
AGPL-3.0 open source.
EE & Cloud options.
The control plane for agentic AI.
Like Twilio for communications. Like Stripe for payments. AuthPlane for agents.
Authenticate
Standards-based auth flows for every agent interaction. Full OAuth 2.1 with PKCE, dynamic client registration, and token exchange built in.
Manage Credentials
Encrypted token vault stores upstream credentials per-user, per-agent. Rotate, scope, and revoke without touching a single env file.
Prove Identity
Cryptographic proof binds tokens to the agent that requested them. DPoP prevents token theft and replay attacks at the protocol level.
Govern
Unified audit trail across every agent, every tool call, every credential. Know who accessed what, when, and why — before compliance asks.
Deep dives & war stories.
OAuth 2.1 + PKCE Is the Only Right Way to Secure MCP
The MCP authorization spec requires OAuth 2.1 with mandatory PKCE for a reason. Here's exactly why every alternative falls apart.
What We Saw When Teams Shipped MCP Without Auth
Four real attack patterns we observed in unprotected MCP deployments: token replay, log scraping, scope escalation, and zero audit trail.
Reading RFC 9728 So You Don't Have To
Protected Resource Metadata is the mechanism MCP agents use to discover authorization servers. Full walkthrough of the spec.
Take control of Agentic AI.
Deploy AuthPlane in 5 minutes. Self-hosted. Open source. No credit card required.