AIPassport
OAuth-inspired delegated AI access — stop sharing raw API keys with every app that wants to use AI on your behalf.
AIPassport is an exploratory reference implementation of a broker that sits between third-party applications and upstream AI providers. Instead of handing apps your raw API key, you grant them scoped, time-limited, revocable access through signed JWT tokens. The broker enforces permissions, proxies requests, and injects real credentials only at the point of the upstream call.
Raw provider keys never leave the server.
This is a reference implementation and a starting point for discussion — not a finished standard or production system. See Status & Limitations and Security Model for details.
How it works
- A third-party app requests access to a specific AI provider, model, and capability
- The user reviews and approves the request through a consent flow, setting scope and time limits
- The broker issues a signed JWT — a short-lived delegated token that never contains the raw API key
- The app sends requests through the broker using the token as a Bearer credential
- The broker validates the token, checks scopes and usage caps, injects the real API key, and proxies the request upstream
- The user can revoke access at any time — all associated tokens are instantly invalidated
Key properties
- Raw API keys stay server-side. Provider credentials are stored in environment variables and injected only at proxy time.
- Delegated tokens are signed JWTs. Tokens carry embedded claims (grant ID, issuer, expiration) and are cryptographically verified on every request.
- Access is scoped. Each grant specifies the provider, allowed models, capabilities, request caps, and budget limits.
- Access is time-limited. Grants and tokens expire automatically.
- Access is revocable. Revoking a grant cascade-invalidates all its tokens immediately.
Current implementation
The reference implementation is built with Express, TypeScript, SQLite, and the jose JWT library. It includes a demo UI, upstream proxy support for OpenAI and Anthropic, and a test suite with 57 passing tests.
See Getting Started to run it locally, or Architecture for the system design.