ragidi
← back

Agents, Access, and the Future of Machine Identity — Nick Nisi (WorkOS) + Lizzie Siegle (Cloudflare)

835 views · Jun 30, 2025 · 14:16 min · Watch on YouTube ↗
Takeaway

MCP plus OAuth on top of Cloudflare Durable Objects gives agents real, scoped, persistent machine identity rather than ad hoc API keys.

Summary

  • WorkOS + Cloudflare demo a deployed MCP server (npm run deploy via Wrangler) that orders a shirt on the user's behalf with OAuth-backed GitHub sign-in inside Claude.
  • Cloudflare bindings let MCP servers use Workers, Durable Objects (per-user persistent storage close to the user), KV (order info), Vectorize, D1, AI models — all in one stack.
  • JWT claims (roles, custom fields like 'favorite song') flow into the MCP server so the agent acts with the user's exact permissions; demo flips the durable object's 'mode' to 'banned' and the next order is rejected.
  • Argues OAuth must evolve from human-only to machine identity — fine-grained per-tool / per-line authorization is where this goes next, with audit trails as a baseline.
mcpoauthmachine-identity
Original description 
AI agents are calling APIs, submitting forms, and sending emails—but how do you control what they’re allowed to do? As agents act on behalf of users or organizations, traditional patterns like OAuth, session tokens, and role-based access often fall short.
In this talk, we’ll explore how machine identity is evolving to meet this new landscape. You’ll learn:

- How to think about authentication for agents (not just humans)
- What it means to authorize an action when the actor is an LLM or headless service
- Real-world strategies from WorkOS and Cloudflare for assigning, managing, and revoking agent identity and access

By the end, you’ll walk away with practical tools and mental models to build agent-powered systems that are secure, auditable, and scalable.

About Nick Nisi
Nick Nisi is an elite software engineer who is a veteran of open source web development, a lover of karaoke, an advocate for diversity in tech, a conference organizer extraordinaire, a lover of new experiences, and a beacon of expertise, kindness and hope for his development team.

Recorded at the AI Engineer World's Fair in San Francisco. Stay up to date on our upcoming events and content by joining our newsletter here: https://www.ai.engineer/newsletter