Signup forms were designed for humans with browsers. AI agents get a 401 and have nowhere to go.
auth.md (WorkOS, MIT) changes that: a tiny Markdown file at your domain tells any agent how to register — what flows you support, what endpoints to hit, what scopes it’ll get.
I just shipped an OpenClaw skill that implements the user-claimed flow end-to-end:
```sh
openclaw skills install auth-md-signup
```
The flow in 90 seconds
- Agent sees `401 WWW-Authenticate: Bearer resource_metadata="…"`
- Two-hop discovery: PRM → AS metadata → `agent_auth` block
- POST anonymous registration → gets `claim_token`
- Asks you for your email in-channel
- Service emails OTP → you paste it back
- POST `claim/complete` → scoped, revocable credential stored
Why the OTP step is non-negotiable
The agent can’t complete signup without you. No silent account creation, no credential exfiltration. The human OTP step is the consent gate — remove it and you remove the accountability that makes delegated signup trustworthy.
The reference implementation uses NoForm — which hosts auth.md infrastructure for services that don’t want to build it themselves. The skill works with any auth.md-compliant service.
Error handling built in
| Code | What happens |
|---|---|
| `otp_invalid` | Ask user to retry (max 3x) |
| `otp_expired` | Offer to re-send OTP |
| `claim_expired` | Restart anonymous registration |
| `previously_claimed` | Tell user, stop |
| `anonymous_not_enabled` | Tell user, stop |
Revocation
One call to `revocation_uri` with the token. The agent deletes the credential locally. Your account stays intact.
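The flow, the error table and the revocation call above, as one added example in Python that is not the skill's code and not auth.md's or NoForm's reference implementation. It runs the agent side end to end against an in-memory mock service so it executes offline. What comes from the post: the `401` with `resource_metadata`, the PRM → AS metadata → `agent_auth` two-hop discovery, `claim_token`, `claim/complete`, the five error codes with their handling, and `revocation_uri`. Everything else is an assumption made for the example, not the spec: the concrete endpoint paths, the JSON keys (`authorization_servers`, `anonymous_registration`, `claim_request`, `claim_complete`, `access_token`), the OTP and claim lifetimes, and a separate `claim/request` call that binds the email and triggers the OTP mail. The mock only mints a credential after the OTP check passes, which is the consent gate the post describes.

```python
import re
import secrets


class MockService:
    """Constructed in-memory stand-in for an auth.md-compliant service; paths and JSON keys are assumptions."""
    BASE = "https://svc.example"

    def __init__(self, anonymous_enabled=True, otp_ttl=300, claim_ttl=900):
        self.anonymous_enabled, self.otp_ttl, self.claim_ttl = anonymous_enabled, otp_ttl, claim_ttl
        self.now = 0.0        # fake clock, advanced by the caller to simulate expiry
        self.claims = {}      # claim_token -> registration state (the account record)
        self.tokens = set()   # live credentials
        self.outbox = []      # (email, otp) pairs the service "mailed"; only the human reads these

    def request(self, method, url, body=None, headers=None):
        path = url[len(self.BASE):]
        if path == "/api/data":   # the protected resource: a 401 that points at the PRM
            return 401, {"WWW-Authenticate": f'Bearer resource_metadata="{self.BASE}/.well-known/oauth-protected-resource"'}, {}
        if path == "/.well-known/oauth-protected-resource":     # hop 1: PRM names the AS
            return 200, {}, {"authorization_servers": [self.BASE]}
        if path == "/.well-known/oauth-authorization-server":   # hop 2: AS metadata carries the agent_auth block
            return 200, {}, {"agent_auth": {
                "anonymous_registration": f"{self.BASE}/agent/register", "claim_request": f"{self.BASE}/agent/claim/request",
                "claim_complete": f"{self.BASE}/agent/claim/complete", "revocation_uri": f"{self.BASE}/agent/revoke"}}
        if path == "/agent/register":
            if not self.anonymous_enabled:
                return 403, {}, {"error": "anonymous_not_enabled"}
            tok = secrets.token_urlsafe(16)
            self.claims[tok] = {"created": self.now, "email": None, "otp": "", "sent": 0.0, "claimed": False}
            return 201, {}, {"claim_token": tok}
        if path in ("/agent/claim/request", "/agent/claim/complete"):
            c = self.claims.get(body["claim_token"])
            if c is None or self.now - c["created"] > self.claim_ttl:
                return 400, {}, {"error": "claim_expired"}
            if c["claimed"]:
                return 409, {}, {"error": "previously_claimed"}
            if path.endswith("/request"):   # bind the email and "send" a fresh OTP
                c["email"], c["otp"], c["sent"] = body["email"], f"{secrets.randbelow(10**6):06d}", self.now
                self.outbox.append((c["email"], c["otp"]))
                return 200, {}, {}
            if self.now - c["sent"] > self.otp_ttl:
                return 400, {}, {"error": "otp_expired"}
            if not secrets.compare_digest(body["otp"].encode(), c["otp"].encode()):
                return 400, {}, {"error": "otp_invalid"}
            c["claimed"] = True                # the human's OTP is the consent gate; only now mint a credential
            cred = secrets.token_urlsafe(32)
            self.tokens.add(cred)
            return 200, {}, {"access_token": cred, "scope": "agent:basic"}
        if path == "/agent/revoke":
            self.tokens.discard(body["token"])   # the credential dies; the claim record (account) stays
            return 200, {}, {}
        return 404, {}, {"error": "not_found"}


class SignupError(Exception):
    """Terminal outcome from the error table: tell the user and stop."""


class Agent:
    def __init__(self, http, ask_user):
        self.http = http        # callable(method, url, body, headers) -> (status, headers, json)
        self.ask = ask_user     # callable(prompt) -> str: the human, in-channel
        self.credential = self.revocation_uri = None

    def discover(self, resource):
        """401 -> PRM -> AS metadata -> agent_auth block: the two-hop discovery."""
        status, hdrs, _ = self.http("GET", resource, None, {})
        if status != 401:
            raise SignupError(f"expected 401, got {status}")
        prm_url = re.search(r'resource_metadata="([^"]+)"', hdrs["WWW-Authenticate"]).group(1)
        _, _, prm = self.http("GET", prm_url, None, {})
        as_url = prm["authorization_servers"][0] + "/.well-known/oauth-authorization-server"
        return self.http("GET", as_url, None, {})[2]["agent_auth"]

    def signup(self, resource, max_otp_attempts=3, max_restarts=1):
        ep = self.discover(resource)
        self.revocation_uri = ep["revocation_uri"]
        for _ in range(max_restarts + 1):          # claim_expired -> restart anonymous registration
            st, _, body = self.http("POST", ep["anonymous_registration"], {}, {})
            if st != 201:
                raise SignupError(body["error"])    # anonymous_not_enabled: tell the user, stop
            req = {"claim_token": body["claim_token"], "email": self.ask("Which email owns this account?")}
            err, invalid, resent = self.http("POST", ep["claim_request"], req, {})[2].get("error"), 0, 0
            while err is None:                      # an OTP is in the user's inbox; collect it
                otp = self.ask("Paste the OTP the service emailed you")
                st, _, body = self.http("POST", ep["claim_complete"], {"claim_token": req["claim_token"], "otp": otp}, {})
                if st == 200:
                    self.credential = body["access_token"]   # scoped, revocable; store it
                    return self.credential
                err = body["error"]
                if err == "otp_invalid" and invalid < max_otp_attempts - 1:
                    invalid, err = invalid + 1, None         # ask the user to retry (max 3x)
                elif err == "otp_expired" and resent < 1:    # offer to re-send the OTP
                    resent, err = 1, self.http("POST", ep["claim_request"], req, {})[2].get("error")
            if err != "claim_expired":
                raise SignupError(err)              # previously_claimed, or retries exhausted
        raise SignupError("claim_expired")

    def revoke(self):
        """One call to revocation_uri with the token, then delete it locally."""
        self.http("POST", self.revocation_uri, {"token": self.credential}, {})
        self.credential = None
```

`ask_user` is the in-channel human; swapping in a callback that reads `MockService.outbox` stands in for the user pasting the OTP back. The mock's fake clock (`now`) is what lets you exercise `otp_expired` (advance past `otp_ttl`) and `claim_expired` (advance past `claim_ttl`) deterministically, and the `previously_claimed` branch fires if `claim/complete` is replayed after a successful claim.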
Links
- ClawHub: clawhub.ai/skills/auth-md-signup
- Protocol: github.com/workos/auth.md
- Reference implementation: noform.dev