v1.0 · Identity for the Agentic Era

Auth for humans and the agents they ship.

Your team can already build the concierge that books flights, syncs calendars, charges Stripe. Shark makes sure it ships the right way: real OAuth identity per agent, DPoP-bound tokens, delegation chains with full audit, and one call to revoke when a customer churns. One binary. SQLite. Self-host in 60 seconds. All human auth primitives included — passkeys, MFA, SSO, RBAC, orgs.

30MB binary · Self-host in 60s · Free forever
terminal
$ curl https://get.sharkauth.dev | sh
$ shark serve
→ listening :8443 · ready in 180ms
30 MB · One binary. Backend, migrations, React dashboard.
SQLite · Embedded. No Postgres, no Redis, no SaaS bill.
MCP · Discovery metadata for Model Context Protocol.
MIT · Open source. No phone-home.
Acme Travel concierge demo

Your agents are already doing this. They're just not doing it safely.

Maria signs up. Concierge plans her trip — delegates to Flight Booker, Hotel Booker, Calendar Sync, Payment Processor. Every hop: DPoP proof. Every token: scoped down. Every action: one immutable audit row with the full chain. Maria churns? One call cascade-revokes the whole tree.

Your team can already build this. Shark makes it ship right.

RFC 9449 · DPoP per hop
RFC 8693 · Token Exchange
OAuth 2.1 · PKCE for all
Cascade Revoke · One call, full tree

Maria (subject)
  passkey · maria@acme.travel
  binding: DPoP (RFC 9449)
  factor: passkey

  → RFC 8693 · Token Exchange
    subject = Maria, actor = Concierge
    scope=travel:plan ttl=900s

Concierge (actor)
  agent · trip-planner.worker
  binding: DPoP (RFC 9449)
  parent: bound

  → RFC 8693 · Parent-bound
    subject = Concierge, actor = Flight Booker
    scope=flights:book parent=bound

Flight Booker (actor)
  agent · flights.api.call
  binding: DPoP (RFC 9449)
  parent: bound

  → RFC 8693 · Parent-bound
    subject = Flight Booker, actor = Payment Processor
    scope=payments:charge parent=bound

Payment Processor (actor)
  agent · stripe.charge.worker
  binding: DPoP (RFC 9449)
  parent: bound

→ POST /v1/charge · via proxy · 200 · 18ms
Audit stream (live)
00:00.000 user.login status=success actor=maria@acme.travel
00:00.018   factor=passkey dpop=bound
00:00.220 oauth.token.exchanged subject=maria actor=concierge
00:00.224   scope=travel:plan
00:00.412 oauth.token.exchanged subject=concierge actor=flight-booker
00:00.416   scope=flights:book parent=bound
00:00.601 oauth.token.exchanged subject=flight-booker actor=payment
00:00.605   scope=payments:charge parent=bound
00:01.120 users.revoke_agents user=maria reason=churn cascade=true
00:01.124   tokens_killed=4 agents_killed=3
One platform, two halves

Auth0 covers half.
We cover both.

Incumbents bolted agent support onto a 2014 user model. Shark was built from the start for both sides of the equation — the humans using your product and the agents acting on their behalf.

01 · For your humans

Every auth primitive your users expect.

  • Passkeys (WebAuthn Level 2)
  • MFA (TOTP + backup codes)
  • SSO — SAML 2.0 + OIDC
  • Magic links
  • Organizations + invitations
  • RBAC
  • Session management
02 · For your agents

RFC-native identity for every autonomous call.

  • OAuth 2.1 per agent
  • DPoP-bound tokens (RFC 9449)
  • RFC 8693 token delegation
  • Token vault (AES-256-GCM)
  • Cascade revoke — one call
  • Audit chain — immutable
  • Dynamic client registration
  • MCP discovery metadata
Identity-Aware Security Proxy

The edge enforces.
The backend trusts.

Shark Proxy is a programmable ingress that sits in front of your upstream services. Every request is authenticated, authorized, and annotated before it ever touches your code.

01 · Automatic Identity Injection

Upstream services receive immutable, signed headers. The caller is who they say they are or the request never arrives.

02 · Programmable Policy Engine

Fast dynamic rules that match paths and methods against roles, scopes, and agent attributes. Hot-reloaded from a single config file.

03 · Edge Paywalls

Gatekeep by tier. Trigger Free → Pro upgrade flows at the gateway. Free users never reach the feature; paying users never see a loading state.

04 · Zero-Trust For Both

One gateway for humans and machines. Built-in circuit breaking, session caching, and consistent enforcement for every caller.

request · upstream /v1/commits · injected
Headers your upstream receives
  • X-User-ID: usr_01HQ8Z…alice
  • X-User-Email: alice@acme.co
  • X-User-Roles: admin, repo.read
  • X-Agent-ID: agt_01HQ8Z…agent-c
  • X-Agent-Name: ci.worker.fetch
  • X-Auth-Method: dpop+session
  • X-Shark-Auth-Mode: enforce
  • X-Shark-Cache-Age: 0ms
GET /v1/commits → 200 · 12ms
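Injected headers are only as trustworthy as the upstream's check that they really came from the proxy: if a service is reachable without the gateway, anyone can set X-User-Roles. The following is an added example, not Shark's code, of the upstream side of that check. The signing scheme is an assumption made for the example (HMAC-SHA256 over method, path, a timestamp and the identity headers, carried in hypothetical X-Shark-Signature / X-Shark-Timestamp headers); the header set is the one from the panel above with constructed IDs in place of the elided ones.

```python
import hashlib
import hmac
import time
from typing import Dict, Tuple

# Assumed scheme (not Shark's documented format): the proxy signs the identity
# headers plus method, path and a timestamp with HMAC-SHA256 under a secret
# shared only with the upstream, and sends the MAC in X-Shark-Signature.
IDENTITY_PREFIXES = ("x-user-", "x-agent-", "x-auth-method", "x-shark-auth-mode")
SIG_HEADER = "x-shark-signature"
TS_HEADER = "x-shark-timestamp"


def canonical_string(method: str, path: str, headers: Dict[str, str]) -> bytes:
    """Everything the upstream will act on, in a fixed order, so the MAC covers all of it."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    identity = sorted((k, v) for k, v in lower.items() if k.startswith(IDENTITY_PREFIXES))
    lines = [method.upper(), path, lower.get(TS_HEADER, "")] + [f"{k}:{v}" for k, v in identity]
    return "\n".join(lines).encode("utf-8")


def sign_headers(secret: bytes, method: str, path: str, headers: Dict[str, str]) -> Dict[str, str]:
    """Proxy side, included only to build the sample request below."""
    signed = dict(headers)
    signed.setdefault("X-Shark-Timestamp", str(int(time.time())))
    signed["X-Shark-Signature"] = hmac.new(
        secret, canonical_string(method, path, signed), hashlib.sha256).hexdigest()
    return signed


def verify_identity_headers(secret: bytes, method: str, path: str, headers: Dict[str, str],
                            max_age_s: int = 30, now: float = None) -> Tuple[bool, str]:
    """Upstream side: trust identity headers only when the proxy's MAC is present, fresh and valid."""
    now = time.time() if now is None else now
    lower = {k.lower(): v for k, v in headers.items()}
    if SIG_HEADER not in lower or TS_HEADER not in lower:
        return False, "unsigned request: identity headers are untrusted"
    try:
        ts = int(lower[TS_HEADER])
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > max_age_s:
        return False, "stale signature"
    expected = hmac.new(secret, canonical_string(method, path, headers), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, lower[SIG_HEADER]):  # constant-time compare
        return False, "signature mismatch: headers were altered or not set by the proxy"
    return True, "trusted"


def demo() -> dict:
    secret = b"constructed-shared-secret"  # provisioned out of band; placeholder value
    now = 1_700_000_000
    sample = {  # header set from the panel above, with constructed IDs
        "X-User-ID": "usr_example_alice", "X-User-Email": "alice@acme.co",
        "X-User-Roles": "admin, repo.read", "X-Agent-ID": "agt_example_c",
        "X-Agent-Name": "ci.worker.fetch", "X-Auth-Method": "dpop+session",
        "X-Shark-Auth-Mode": "enforce", "X-Shark-Cache-Age": "0ms",
        "X-Shark-Timestamp": str(now),
    }
    signed = sign_headers(secret, "GET", "/v1/commits", sample)
    results = {"genuine": verify_identity_headers(secret, "GET", "/v1/commits", signed, now=now)}
    # Roles edited after signing: the MAC no longer matches.
    tampered = {**signed, "X-User-Roles": "admin, repo.read, billing.write"}
    results["tampered"] = verify_identity_headers(secret, "GET", "/v1/commits", tampered, now=now)
    # Request that reached the upstream without passing the proxy at all.
    direct = {k: v for k, v in signed.items() if k != "X-Shark-Signature"}
    results["bypassed_proxy"] = verify_identity_headers(secret, "GET", "/v1/commits", direct, now=now)
    # Same signed headers presented two minutes later, or against a different route.
    results["replayed_late"] = verify_identity_headers(secret, "GET", "/v1/commits", signed, now=now + 120)
    results["other_path"] = verify_identity_headers(secret, "POST", "/v1/admin", signed, now=now)
    return results
```

Binding method and path into the MAC is what stops a signed header set for GET /v1/commits from being reused on a more sensitive route; the timestamp bounds how long a captured set stays valid. Whatever the real scheme, the upstream should refuse requests whose identity headers fail this kind of check rather than fall back to treating them as anonymous.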
Managed Token Vault

Agents call third parties.
They never see the key.

Your users authorize the connection once. From then on, the vault issues short-lived, scoped tokens on demand. Refresh tokens stay sealed. Provider quirks handled for you.

01 · Zero-secret architecture

Agents request a token for Alice's GitHub. The vault signs and returns one, scoped and short-lived. Raw refresh tokens never leave the vault, not even in logs.

02 · Auto-refresh with provider quirks

Google's sliding window, Slack's rotating refresh, GitHub's PAT semantics, Notion's workspace scoping. Shark knows the weird bits and handles them silently.

03 · User-delegated “Connect Account”

Drop-in flows that bridge the human and the agents acting for them. Alice clicks Connect once; every agent she trusts inherits scoped, revocable access.

04 · One-click revoke

Pull a connection and every agent holding a token derived from it loses access inside a second. Audit log shows you the blast radius in plain English.

vault · live connections · 9 active
  • GitHub · repo, workflow · ttl 15m
  • Google Calendar · events.readonly · ttl 10m
  • Google Drive · files.readonly · ttl 10m
  • Google Gmail · send · ttl 10m
  • Slack · chat:write, channels:read · ttl 5m
  • Microsoft · User.Read, Mail.Read · ttl 10m
  • Notion · page:read, db:write · ttl 15m
  • Linear · issue:read, issue:write · ttl 15m
  • Jira · read:jira-work · ttl 15m
refresh tokens sealed · encrypted
Flexible Integration

Two operational modes.
Pick one. Change your mind later.

Shark adapts to your architecture, not the other way round. Deploy as a gateway for zero-code coverage, or wire it into your code for granular control.

01 · Proxy Mode · No-code

Deploy as a gateway.

Shark sits as an identity-aware ingress. It handles all authentication and path-level authorization at the edge, injecting verified identity headers into your upstream requests.

Ideal for rapid deployment and securing legacy systems. Zero lines of auth code in your backend.

  • HTTP ingress
  • Path + method RBAC
  • Signed identity headers
  • Hot-reload policies
02 · SDK Mode · Full control

Drop into your code.

Native TypeScript and Python SDKs for in-process control. You own the user experience and internal auth checks. Shark handles session lifecycle, token validation, and DPoP verification.

For teams that want granular product control without rebuilding the session, DPoP, and delegation layer themselves.

  • TypeScript
  • Python
  • React helper
  • Agent-friendly CLI
Control Plane

One console.
Every human. Every agent.

Shipped inside the same 40MB binary. Watch delegation chains form. Rotate an agent key without waking anyone. Pull a session from a row in a table.

live · 38 agents
Users: 12,804 (+318 last 7d)
Active sessions: 3,211 (websocket + rest)
MFA adoption: 68% (8,706 enabled)
Failed logins 24h: 41 (circuit ok)
API keys active: 84 (4 expiring)
Agents active (new): 38 (9 delegated now)
Auth method · 30d: Password 58% · OAuth 26% · Passkey 11% · Magic link 5%
Recent activity (live)
  8s ago · agent · agent-c · oauth.token.exchanged · subject: agent-b · scope: repo:read
  22s ago · user · alice@acme.co · user.login · status: success · factor: passkey
  41s ago · agent · agent-b · oauth.token.exchanged · subject: alice · scope: repo:read
  1m ago · user · bob@acme.co · api_key.rotated · key: ci.worker · by: bob
  1m ago · system · admin · oauth.dcr.registered · client: ci.daily.worker
  2m ago · user · carol@labs.io · user.login · status: failure · reason: bad_password
  2m ago · user · dan@acme.co · session.revoke · reason: admin_revoked
  3m ago · user · alice@acme.co · consent.revoked · app: scheduler · scope: repo:read
System health
Version: 0.8.4 (up-to-date)
Uptime: 14d 06:42 (since last restart)
Database: 28 MB (sqlite · healthy)
Migrations: 0019 (cursor up-to-date)
JWT mode: rotating (ES256 · 2 keys active)
SMTP: postmark (pro tier)
OAuth: 4 (google, github, slack, microsoft)
SSO: 2 connections
Attention
4 keys expiring in the next 7 days.
9 agents delegated right now. Review chains.
Everything else healthy.

01 · Six primary metrics

Users, sessions, MFA adoption, failed logins, API keys, agents. Live sparklines, no refresh needed.

02 · Auth method breakdown

Password, OAuth, passkey, magic link. Thirty-day rolling donut.

03 · Recent activity stream

Every token exchange, policy match, session mutation. Server-sent, not polled.

04 · System health panel

Version, uptime, DB size, JWT mode, SMTP tier, SSO connections.

What it feels like

Four calls.
The whole security model.

DPoP binding, delegation chains, chain introspection, and cascade revoke. These are the four primitives that make agent auth safe. Here is what they look like in Python.

    from shark_auth import Client, DPoPProver

    client = Client(base_url="https://auth.example.com", token="sk_live_...")

    # One key pair per agent; the authorization server binds the token to its thumbprint.
    prover = DPoPProver.generate()
    token = client.oauth.get_token_with_dpop(
        grant_type="client_credentials", dpop_prover=prover,
        client_id="agent-123", client_secret="secret", scope="mcp:write",
    )
    # token.cnf_jkt = thumbprint binding. Token theft alone is useless:
    # a bearer of the token without the key cannot produce a valid DPoP proof.
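The comment above is a claim about what happens on the receiving end: the resource server must check that the key which signed the DPoP proof is the key named in the token's cnf.jkt, and that the proof is for this exact request. The block below is an added example of those checks, not code from the page or from the Shark SDK. It assumes the proof's JWS signature has already been verified with the header's jwk by a JOSE library (that step is deliberately outside the block); the class name DPoPBindingChecker, the demo() function and the sample key coordinates are constructed for the example.

```python
import base64
import hashlib
import json
import time
from typing import Dict, Optional, Tuple


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the required members only, lexicographically
    ordered, no whitespace. This is the value an AS puts in the token's cnf.jkt."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


class DPoPBindingChecker:
    """Resource-server checks that tie a DPoP proof to the access token it accompanies.
    Assumes the proof's JWS signature was already verified with the header's jwk."""

    def __init__(self, max_skew_s: int = 60):
        self.max_skew_s = max_skew_s
        self._seen_jti: Dict[str, float] = {}  # jti -> expiry; replay cache

    def check(self, proof_header: dict, proof_claims: dict, token_claims: dict,
              access_token: str, method: str, url: str, now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        # 1. A DPoP proof with a public key, signed asymmetrically (RFC 9449 §4.2).
        if proof_header.get("typ") != "dpop+jwt":
            return False, "typ is not dpop+jwt"
        alg = str(proof_header.get("alg", "none"))
        if alg.lower() == "none" or alg.upper().startswith("HS"):
            return False, "alg must be asymmetric"
        jwk = proof_header.get("jwk")
        if not isinstance(jwk, dict) or "d" in jwk:
            return False, "header jwk missing or contains private material"
        # 2. The proof is for this request: same method, same URL (no query/fragment), fresh, unseen.
        if proof_claims.get("htm") != method.upper():
            return False, "htm mismatch"
        if proof_claims.get("htu") != url.split("#")[0].split("?")[0]:
            return False, "htu mismatch"
        iat = proof_claims.get("iat")
        if not isinstance(iat, (int, float)) or abs(now - iat) > self.max_skew_s:
            return False, "iat outside acceptance window"
        jti = proof_claims.get("jti")
        self._seen_jti = {j: exp for j, exp in self._seen_jti.items() if exp > now}
        if not jti or jti in self._seen_jti:
            return False, "jti missing or replayed"
        # 3. The proof names exactly this access token (ath = b64url(sha256(token))) ...
        if proof_claims.get("ath") != b64url(hashlib.sha256(access_token.encode("ascii")).digest()):
            return False, "ath does not hash this access token"
        # 4. ... and the token is bound to the key that signed the proof.
        if token_claims.get("cnf", {}).get("jkt") != jwk_thumbprint(jwk):
            return False, "cnf.jkt does not match proof key"
        self._seen_jti[jti] = now + self.max_skew_s  # consume the jti only on success
        return True, "bound"


def demo() -> dict:
    now = 1_700_000_000
    # Constructed sample keys: public P-256 JWKs whose coordinates are placeholder bytes.
    client_jwk = {"kty": "EC", "crv": "P-256", "x": b64url(bytes(range(32))), "y": b64url(bytes(range(32, 64)))}
    other_jwk = {"kty": "EC", "crv": "P-256", "x": b64url(bytes(range(64, 96))), "y": b64url(bytes(range(96, 128)))}
    access_token = "constructed.opaque.token"
    # Claims as the AS would issue them: bound to the client's key thumbprint.
    token_claims = {"sub": "agent-123", "scope": "mcp:write", "cnf": {"jkt": jwk_thumbprint(client_jwk)}}
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": client_jwk}
    claims = {"jti": "proof-1", "htm": "POST", "htu": "https://api.example.com/v1/charge",
              "iat": now, "ath": b64url(hashlib.sha256(access_token.encode()).digest())}
    checker = DPoPBindingChecker()
    url = "https://api.example.com/v1/charge?x=1"
    results = {"bound": checker.check(header, claims, token_claims, access_token, "POST", url, now)}
    # Same proof presented again: jti already consumed.
    results["replay"] = checker.check(header, claims, token_claims, access_token, "POST", url, now + 5)
    # Token presented with a proof from a different key: cnf.jkt does not match.
    stolen_header = {**header, "jwk": other_jwk}
    results["stolen"] = checker.check(stolen_header, {**claims, "jti": "proof-2"}, token_claims, access_token, "POST", url, now)
    # Proof minted for a GET, presented on a POST.
    results["wrong_method"] = checker.check(header, {**claims, "jti": "proof-3", "htm": "GET"}, token_claims, access_token, "POST", url, now)
    return results
```

The thumbprint function works for EC, RSA and OKP keys, which is slightly more general than the ES256 case in the snippet; extra members such as kid are ignored by design, since RFC 7638 hashes only the required ones. The jti cache should be shared across instances in a real deployment, otherwise a proof can be replayed against a different worker.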
Comparison

What you get,
next to what you pay for.

Incumbent IAM bolted agents onto a 2014 user model. Shark started the other way round.

Feature | SharkAuth (single binary · free forever) | Auth0 / WorkOS / Clerk / Stytch (incumbent)
Per-customer agent identity | First-class | Hack on top of M2M
DPoP (RFC 9449) | Native, per-hop | None
Token exchange w/ delegation (RFC 8693) | Native, audited | None
Cascade revoke (5 layers) | One call | Manual per token
Self-host | Free, single binary | Enterprise tier or unsupported
External deps | None (embedded SQLite) | Postgres + Redis usually
Per-MAU pricing | Free forever | Yes
Token vault for upstream APIs | Built-in, AES-256-GCM | Build it yourself

Checked April 2026. Auth0 / WorkOS / Clerk / Stytch checked against public pricing and documentation.

Technical Architecture

Own the binary.
Own your data.

One binary. Embedded SQLite. Embedded React admin. No Postgres. No Redis. No SaaS bill. Boot cold with shark serve.

~30 MB

Single binary

Backend, embedded migrations, and the embedded React admin compile to one static executable. No images, no sidecars, no service mesh.

SQLite

No external deps

Embedded SQLite. No Postgres. No Redis. No SaaS bill. The database lives in the binary. Cross-compile to every arch your team supports.

2 SDKs

TypeScript · Python

First-class SDKs for application code. Agent-friendly DPoP helpers, delegation utilities, and revoke calls built in.

ES256

Rotating signing keys

Zero-downtime key rotation. Two keys live at once, one signing and one verifying stragglers, so a rotate never breaks an in-flight token.

quick start · terminal
# Install the single binary
curl https://get.sharkauth.dev | sh
 
# Start serving
shark serve
 
→ admin: http://localhost:8443/admin
→ ready in 180ms · first agent token in <60s
MIT licensed · no phone-home
Quickstart paths

Three paths in.
All free to start.

Pick the pattern that fits your architecture. Self-hosted is free forever. Cloud is TBA — no per-MAU pricing, no feature paywalls.

01 · Most common

Customer Agents

SaaS shipping per-tenant agents. Every customer gets isolated agent identities, scoped tokens, and their own revoke tree.

02 · Agent-native

MCP Server

OAuth 2.1 gating for Model Context Protocol servers. Shark exposes the discovery metadata MCP clients use to bootstrap auth.

03 · Self-host

Auth0 Replacement

Self-hosted, agent-native, drop-in. All human auth primitives included. No per-MAU pricing. No enterprise tier trapdoor.

Open source · Shipping April 27 – May 15

Self-hosted.

One binary. Runs on a $5 VPS. MIT license, no phone-home, no “open core” trapdoor.

  • Every feature: nothing reserved for Cloud
  • Unlimited MAU: your box, your rules
  • Free forever: no per-MAU pricing, ever
  • Community support: Discord, GitHub issues
Managed · Early access

Cloud.

We run it. You integrate. No per-MAU pricing. Flat tiers. TBA.

  • Free tier: TBA
  • Starter: TBA
  • Growth: TBA
  • Scale: TBA

No per-feature paywall. Passkeys, SSO, RBAC, audit logs, token vault, and cascade revoke ship on every tier, including the free self-hosted one.

Security model

When something goes wrong, you have five precise responses.

Not a sledgehammer. Not a ticket to your auth vendor. Five surgical calls, each mapped to a real incident pattern.

Layer | Action | When
1 | Revoke a single token | Token leaked in a log
2 | Kill one agent | One agent went rogue
3 | Cascade-revoke a customer's whole fleet | Customer churned or compromised
4 | Kill all instances of a buggy agent-type | Bad release pattern-wide
5 | Disconnect a compromised vault credential | Upstream provider key rotated
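The five layers in this table and the parent-bound chain in the Acme Travel demo are the same data structure seen from two sides: a tree of tokens in which every exchanged token points at the token it was minted from. The block below is an added example, not Shark's code, of that tree as an in-memory model: each layer is one method, a child token is valid only while all its ancestors are and never outlives them, and delegation_claims renders a chain the way RFC 8693 §4.1 nests the act claim. DelegationStore and its method names, the agent identifiers and the vault connection name "stripe" are this example's own assumptions; the Acme chain is built to reproduce the audit stream's counts (tokens_killed=4, agents_killed=3).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Token:
    id: str
    subject: str               # who the token acts for: previous hop's actor, or the user
    actor: Optional[str]       # agent presenting it; None for a human session
    scope: str
    parent: Optional[str]      # token this one was exchanged from (RFC 8693 subject_token)
    agent_type: Optional[str] = None
    vault_conn: Optional[str] = None
    expires_at: float = 0.0
    revoked: bool = False


class DelegationStore:
    """In-memory delegation tree. A token is valid only while every ancestor is valid."""

    def __init__(self, now: float = 1_700_000_000.0):
        self.now, self.tokens, self._seq = now, {}, 0  # type: float, Dict[str, Token], int

    def _add(self, tok: Token) -> Token:
        self._seq += 1
        tok.id = f"tok_{self._seq:03d}"
        self.tokens[tok.id] = tok
        return tok

    def login(self, user: str, ttl: int = 3600) -> Token:
        return self._add(Token("", user, None, "session", None, expires_at=self.now + ttl))

    def exchange(self, parent_id: str, actor: str, scope: str, agent_type: str,
                 ttl: int = 900, vault_conn: Optional[str] = None) -> Token:
        if not self.is_valid(parent_id):
            raise PermissionError("subject_token is not valid")
        parent = self.tokens[parent_id]
        # Parent-bound: the child's lifetime is capped by its parent's.
        return self._add(Token("", parent.actor or parent.subject, actor, scope, parent_id,
                               agent_type, vault_conn, min(self.now + ttl, parent.expires_at)))

    def is_valid(self, token_id: str) -> bool:
        cur: Optional[str] = token_id
        while cur is not None:
            tok = self.tokens[cur]
            if tok.revoked or tok.expires_at <= self.now:
                return False
            cur = tok.parent
        return True

    def _subtree(self, root_id: str) -> List[Token]:
        out, stack = [], [root_id]
        while stack:
            tid = stack.pop()
            out.append(self.tokens[tid])
            stack.extend(t.id for t in self.tokens.values() if t.parent == tid)
        return out

    def _kill(self, roots: List[Token]) -> Tuple[int, int]:
        """Eagerly revoke each root and everything minted from it; returns (tokens, agents) killed."""
        killed: Dict[str, Token] = {}
        for r in roots:
            for t in self._subtree(r.id):
                if not t.revoked:
                    t.revoked = True
                    killed[t.id] = t
        return len(killed), len({t.actor for t in killed.values() if t.actor})

    def revoke_token(self, token_id: str):          # layer 1: one leaked token
        return self._kill([self.tokens[token_id]])

    def revoke_agent(self, agent: str):             # layer 2: one rogue agent
        return self._kill([t for t in self.tokens.values() if t.actor == agent])

    def cascade_revoke_user(self, user: str):       # layer 3: a customer's whole fleet
        return self._kill([t for t in self.tokens.values() if t.subject == user and t.parent is None])

    def revoke_agent_type(self, agent_type: str):   # layer 4: every instance of a buggy type
        return self._kill([t for t in self.tokens.values() if t.agent_type == agent_type])

    def revoke_vault_connection(self, conn: str):   # layer 5: everything derived from one vault credential
        return self._kill([t for t in self.tokens.values() if t.vault_conn == conn])

    def delegation_claims(self, token_id: str) -> dict:
        """RFC 8693 §4.1 shape: sub is the original subject, the current actor is the
        outer act, and each earlier actor nests inside it."""
        actors, cur = [], token_id
        while cur is not None:
            tok = self.tokens[cur]
            if tok.actor:
                actors.append(tok.actor)
            root, cur = tok, tok.parent
        act: Optional[dict] = None
        for a in reversed(actors):
            act = {"sub": a} if act is None else {"sub": a, "act": act}
        claims = {"sub": root.subject, "scope": self.tokens[token_id].scope}
        if act:
            claims["act"] = act
        return claims


def build_acme(store: DelegationStore) -> Dict[str, Token]:
    """The Acme Travel chain from the audit stream (constructed sample data)."""
    maria = store.login("maria")
    concierge = store.exchange(maria.id, "concierge", "travel:plan", "trip-planner.worker")
    flights = store.exchange(concierge.id, "flight-booker", "flights:book", "flights.api.call")
    payment = store.exchange(flights.id, "payment", "payments:charge", "stripe.charge.worker", vault_conn="stripe")
    return {"maria": maria, "concierge": concierge, "flights": flights, "payment": payment}


def demo() -> dict:
    results = {}
    s = DelegationStore(); t = build_acme(s)
    results["claims"] = s.delegation_claims(t["payment"].id)
    results["layer1"] = s.revoke_token(t["payment"].id)
    s = DelegationStore(); t = build_acme(s)
    results["layer2"] = s.revoke_agent("flight-booker")
    results["concierge_survives"] = s.is_valid(t["concierge"].id)
    results["payment_dead"] = s.is_valid(t["payment"].id)
    try:  # an exchange from a revoked token must be refused
        s.exchange(t["flights"].id, "hotel-booker", "hotels:book", "hotels.api.call")
        results["exchange_from_revoked"] = "allowed"
    except PermissionError:
        results["exchange_from_revoked"] = "refused"
    s = DelegationStore(); build_acme(s)
    results["layer3"] = s.cascade_revoke_user("maria")  # (4, 3), as in the audit stream
    s = DelegationStore(); build_acme(s)
    results["layer4"] = s.revoke_agent_type("stripe.charge.worker")
    s = DelegationStore(); build_acme(s)
    results["layer5"] = s.revoke_vault_connection("stripe")
    return results
```

Two design points worth noting. Revocation here is eager (descendants are marked) so the audit row can report counts, but is_valid also walks the parent chain, so a child would be refused even if only its ancestor had been marked; keeping both makes the check robust to a partially applied cascade. And the act rendering keeps the original user as sub all the way down, which is what an upstream API needs in order to apply the user's authorization rather than the agent's.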