AI Identity: Human Sign-In and Agent Access
This course is in development. This page is the plan, not the course: it tells you what it will teach, where it sits on the path, and what it depends on. The other Mode 2 courses already point here, so this is the page they point at. When the lessons land, this becomes the course.
The identity and access layer of the Manufacturing path · two halves you build end to end · taught the way the rest of the track is: you direct a general agent, no TypeScript required
This course delivers the layer that lets you own your own sign-in and let your agents act with real, bounded authority. You build it in two halves.
First, owning the sign-in. Rather than renting a third-party login, you stand up your own production-grade authentication: email and social sign-in, sessions, two-factor, and an OAuth/OIDC server that actually issues the tokens. The stack is Better Auth, an open-source identity framework. This is the issuer that the Connector-Native Apps course only validated. There your gateway checked tokens someone else signed; here you become the one who signs them.
Second, identity for agents. You give an AI worker its own credential and a safe way to act on behalf of a person, with authority that is scoped, time-boxed, revocable, and human-approved, so a Digital FTE can do real work when no human is in the chat, without ever impersonating one.
The one question this course answers
Every system you build after this, you can ask one thing of:
Whose identity is this, and how does authority pass from a human to an agent?
That question is the spine. The specific tools will keep changing as the agent-identity standards settle; the question does not.
What it's anchored on
The course is deliberately concept-anchored on durable primitives, the parts that stay true while the tooling churns:
- A user's verified sign-in: a real identity, not a guessed one.
- An agent's own credential: the worker is not the human, and it shouldn't borrow the human's login.
- On-behalf-of delegation: authority handed from a person to an agent, on purpose.
- Least-privilege scope: the narrowest authority that does the job.
- Human approval: a person in the loop for anything that matters.
Where this sits
In Mode 2, between Plugins and Build AI Agents. The path runs:
Connector-Native Apps → Plugins for Coding Agents → this course → Build AI Agents.
Connector-native apps and plugins both borrow the identity of whoever is running the host. This course is where identity stops being borrowed: you own the sign-in, and you give the agent one of its own. Then Build AI Agents gives the agent its loop, and later, in Human-Agent Teams, you put that identity to work running a roster of these agents alongside people.
A note on maturity (why this is honest, not hype)
The two halves are at different stages, and the course will say so plainly:
- Human sign-in is production-grade today. Better Auth (YC-backed) is a mature, open-source identity stack: email and social login, sessions, two-factor, and a real OAuth/OIDC server. The first half is something you can ship.
- Agent identity is still settling. Giving an agent its own bounded, revocable, on-behalf-of authority is the direction the industry is moving. Anthropic signalled it with human-agent teams, and Better Auth has an early Agent Auth plugin, but the standards are young. The second half teaches the durable primitives above and treats any specific tool as one swappable instantiation, not the final answer.
That split is the point of anchoring on primitives: when the standards land, the mental model already fits them.