
Tags: Credential Delegation, OAuth, Security, AI Agents

Credential Delegation for AI Agents: How to Give Agents OAuth Access Without Sharing Secrets

Vorim AI Team
April 11, 2026 · 10 min read

The Token Problem Nobody Talks About

Your AI agent needs to read a Google Doc on behalf of a user. Right now, most teams solve this one of three ways: hardcode an OAuth token in the agent's config, share a refresh token that never expires, or build a custom token proxy from scratch.

All three are terrible. Hardcoded tokens get leaked. Shared refresh tokens can't be revoked per agent. Custom proxies take months to build and maintain. And none of them produce an audit trail of which agent used which token.

Credential delegation is the fourth option — and it's what you should be using.

What Is Credential Delegation?

Credential delegation is a model where agents never see raw OAuth credentials. Instead, the platform acts as a proxy:
  • Users connect their OAuth accounts once (Google, GitHub, Slack, etc.)
  • Operators delegate scoped access to specific agents
  • Agents request short-lived access tokens through Vorim
  • Refresh tokens stay encrypted in an AES-256-GCM vault — agents never touch them

Every token issuance is logged to an immutable audit trail. If an agent is compromised, you revoke its delegation — not the entire OAuth connection. Every other agent keeps running.

How It Works With Vorim AI

Step 1: Register an OAuth Provider

import { VorimSDK } from '@vorim/sdk';

// Read the API key from an env var or secret store; never commit it to source
const vorim = new VorimSDK({ apiKey: 'agid_sk_live_...' });

// Register Google as an OAuth provider
await vorim.registerProvider({
  provider_key: 'google',
  display_name: 'Google Workspace',
  client_id: 'your-google-client-id',
  client_secret: 'your-google-client-secret',  // same rule: load from a secret store, not source
  auth_url: 'https://accounts.google.com/o/oauth2/v2/auth',
  token_url: 'https://oauth2.googleapis.com/token',
  scopes_available: ['drive.readonly', 'gmail.send'],
});

Step 2: Store a User's OAuth Connection

// After the user completes the OAuth consent flow, pass the refresh_token
// field from the provider's token response (not the short-lived access token)
await vorim.storeConnection({
  provider_id: 'provider-uuid',
  refresh_token: 'ya29.a0AfH6SM...',  // encrypted at rest
  scopes_granted: ['drive.readonly', 'gmail.send'],
  external_account_id: 'user@gmail.com',
});

The refresh token is immediately encrypted with AES-256-GCM and stored in the vault. It's never logged, never cached, never accessible to any agent.

Step 3: Delegate to an Agent

// Give an agent access to a subset of scopes
await vorim.delegateCredential({
  connection_id: 'connection-uuid',
  agent_id: 'agid_acme_a1b2c3d4',
  scopes_delegated: ['drive.readonly'],  // subset only
  max_requests_per_hr: 100,
  valid_until: '2026-04-30T00:00:00Z',
});

The delegation scopes must be a subset of the connection's granted scopes. You can't give an agent more access than the user authorized.

Step 4: Agent Requests a Token

// Agent requests a short-lived access token
const token = await vorim.requestToken({
  agent_id: 'agid_acme_a1b2c3d4',
  scope: 'drive.readonly',
});

// Use it (expires in ~1 hour)
const response = await fetch(
  'https://www.googleapis.com/drive/v3/files',
  { headers: { Authorization: `Bearer ${token.access_token}` } }
);

Cascading Revocation

The real power is in revocation. If you revoke a delegation, it cascades instantly:
  • Revoke a delegation → that agent loses access immediately
  • Revoke a connection → all agents delegated through that connection lose access
  • Multi-hop chains → revoking any link kills the entire downstream chain

No more "revoke one API key and break 40 agents." Each agent's access is independently controllable.

Audit Trail

Every credential delegation action is logged:
  • When a delegation is granted and by whom
  • When an agent requests a token
  • Which scopes were requested vs. allowed
  • When a delegation is revoked
  • Failed attempts (scope violations, expired delegations)

This audit trail is separate from the main VAIP audit trail, giving you a dedicated credential compliance record.
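To make the checks behind Steps 3 and 4, the cascading revocation rules and the audit events concrete, here is an added example of a minimal delegation broker. It is hypothetical code written for this article, not Vorim's implementation or SDK: the Broker, Connection and Delegation names are assumptions, the vault and the provider token exchange are stubbed out (a real broker would decrypt the stored refresh token and exchange it at the provider's token_url instead of minting a random string), and the scenario values (connection-uuid, agent IDs, scopes) are constructed for the example.

```python
"""Toy delegation broker (added example, not Vorim's code): scope subset checks,
expiry, per-delegation rate limits, multi-hop cascading revocation, audit log."""
from __future__ import annotations

import secrets
import time
from dataclasses import dataclass, field
from typing import Callable


class DelegationError(Exception):
    """Raised when a delegation or token request violates policy."""


@dataclass
class Connection:
    connection_id: str
    scopes_granted: frozenset[str]  # what the user consented to
    revoked: bool = False


@dataclass
class Delegation:
    delegation_id: str
    connection_id: str
    agent_id: str
    scopes: frozenset[str]        # subset of the grant (or of the parent delegation)
    valid_until: float            # unix seconds
    max_requests_per_hr: int
    parent_id: str | None = None  # set when an agent re-delegates (multi-hop chain)
    revoked: bool = False
    request_times: list[float] = field(default_factory=list)


class Broker:
    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.connections: dict[str, Connection] = {}
        self.delegations: dict[str, Delegation] = {}
        self.audit: list[dict] = []  # metadata only; never a refresh or access token

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": self.clock(), "event": event, **fields})

    def store_connection(self, connection_id: str, scopes_granted: list[str]) -> None:
        # Stub: the refresh token itself would be sealed into the vault here.
        self.connections[connection_id] = Connection(connection_id, frozenset(scopes_granted))
        self._log("connection.stored", connection_id=connection_id, scopes=sorted(scopes_granted))

    def delegate(self, connection_id: str, agent_id: str, scopes: list[str], valid_until: float,
                 max_requests_per_hr: int = 100, parent_id: str | None = None) -> str:
        wanted = frozenset(scopes)
        if parent_id is None:
            ceiling = self.connections[connection_id].scopes_granted
        else:  # re-delegation: bounded by the parent, and cannot outlive it
            parent = self.delegations[parent_id]
            connection_id, ceiling = parent.connection_id, parent.scopes
            valid_until = min(valid_until, parent.valid_until)
        if not wanted <= ceiling:  # the subset rule from Step 3
            self._log("delegation.denied", agent_id=agent_id, requested=sorted(wanted), allowed=sorted(ceiling))
            raise DelegationError(f"scopes exceed grant: {sorted(wanted - ceiling)}")
        did = "del_" + secrets.token_hex(4)
        self.delegations[did] = Delegation(did, connection_id, agent_id, wanted, valid_until,
                                           max_requests_per_hr, parent_id)
        self._log("delegation.granted", delegation_id=did, agent_id=agent_id, scopes=sorted(wanted), parent_id=parent_id)
        return did

    def _active(self, d: Delegation) -> bool:
        """Walk the chain to its root: a revoked connection, or any revoked or
        expired link above this delegation, kills everything downstream."""
        if self.connections[d.connection_id].revoked:
            return False
        now, cur = self.clock(), d
        while cur is not None:
            if cur.revoked or now >= cur.valid_until:
                return False
            cur = self.delegations[cur.parent_id] if cur.parent_id else None
        return True

    def request_token(self, delegation_id: str, agent_id: str, scope: str) -> dict:
        d = self.delegations[delegation_id]

        def deny(reason: str) -> DelegationError:  # every refusal is audited with requested vs. allowed
            self._log("token.denied", delegation_id=delegation_id, agent_id=agent_id,
                      requested=scope, allowed=sorted(d.scopes), reason=reason)
            return DelegationError(reason)

        if d.agent_id != agent_id:
            raise deny("agent mismatch")
        if not self._active(d):
            raise deny("delegation revoked or expired")
        if scope not in d.scopes:
            raise deny("scope not delegated")
        now = self.clock()
        d.request_times = [t for t in d.request_times if now - t < 3600]  # sliding one-hour window
        if len(d.request_times) >= d.max_requests_per_hr:
            raise deny("rate limit exceeded")
        d.request_times.append(now)
        # Stub: a real broker decrypts the vaulted refresh token and exchanges it at the provider here.
        token = {"access_token": "tok_" + secrets.token_urlsafe(16), "scope": scope, "expires_at": now + 3600}
        self._log("token.issued", delegation_id=delegation_id, agent_id=agent_id, scope=scope)
        return token

    def revoke_delegation(self, delegation_id: str) -> None:
        self.delegations[delegation_id].revoked = True  # children fail _active() on their next request
        self._log("delegation.revoked", delegation_id=delegation_id)

    def revoke_connection(self, connection_id: str) -> None:
        self.connections[connection_id].revoked = True  # every delegation on this connection stops
        self._log("connection.revoked", connection_id=connection_id)


def denied(action: Callable[[], object]) -> bool:
    """True if the action is refused by policy; handy for exercising the broker."""
    try:
        action()
    except DelegationError:
        return True
    return False
```

Revocation here is lazy: revoking a link only flips a flag, and every token request re-walks its chain to the root, so a revoked parent, an expired parent, or a revoked connection denies all descendants on their next request without the broker having to enumerate them. The audit entries carry delegation and agent identifiers plus requested versus allowed scopes, but never the token material, which is the property the vault is there to protect.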

Python SDK

Everything works in Python too:

from vorim import Vorim

client = Vorim(api_key="agid_sk_live_...")

# Delegate credentials to an agent
client.delegate_credential(
    connection_id="connection-uuid",
    agent_id="agid_acme_a1b2c3d4",
    scopes_delegated=["drive.readonly"],
)

# Agent requests a token
token = client.request_token(
    agent_id="agid_acme_a1b2c3d4",
    scope="drive.readonly",
)

Get Started

Credential delegation is available now in @vorim/sdk v3.0.0 (npm) and vorim v3.0.0 (PyPI). Documentation at vorim.ai/docs.

Ready to build with agent identity?

Free plan: 3 agents, 10K auth events/month, full SDK access. No credit card.