<!-- buttondown-editor-mode: plaintext --> Auth is the #1 blocker for AI agents. Here's who's fixing it (and who isn't).

In issue #5, we showed that 30% of developer tools require human authentication to even sign up. But we glossed over the tools whose entire job is authentication — and how they handle agents.

We scored 5 of the leading auth platforms. The results will not surprise you if you've tried to build an agent that manages users.

The problem: Auth was designed for humans

Every OAuth flow assumes a human with a browser. PKCE flows, consent screens, email verification — all of it assumes a person is sitting there clicking. When you send an AI agent through an OAuth flow, you're asking it to do something it fundamentally cannot do.

The question is: which auth platforms have added the escape hatches that agents need?

The scores

WorkOS — 83/100 The clear leader. WorkOS is the only auth platform that was designed from day one for B2B SaaS, which means programmatic everything: create orgs via API, provision users without email verification, M2M OAuth tokens, SCIM. It's not agent-native yet (no MCP server, no llms.txt) but the underlying architecture is the most agent-compatible.

Clerk — 80/100 Strong second. Clerk's API is clean and well-documented. Backend API keys let you create users, manage sessions, and control orgs without a browser. Clerk's "machine authentication" feature is explicitly designed for agents. Loses points for no MCP server.

Stytch — 68/100 Purpose-built for developer-first auth. Has M2M tokens and programmatic user creation. Documentation is good but not agent-specific. The magic link flows are still human-first. No MCP server.

Okta — 65/100 The enterprise giant. Has M2M OAuth (client credentials flow) for service accounts, but the developer experience is painful — 47-step setup guides, complex tenant management, and pricing that requires a sales call. Free tier: 7,500 MAUs, but almost nothing works without human intervention at setup.

Auth0 — 62/100 Owned by Okta, and it shows. Auth0's M2M tokens work in theory, but the dashboard-first experience makes programmatic setup a nightmare. The Management API is powerful but poorly documented for agent use cases. Lowest score in our auth category.

The pattern

None of the 5 auth tools have an MCP server. None have llms.txt. Zero out of five. This is the most agent-unfriendly category we've scored.

Why? Because auth companies have spent 10 years optimizing for human login flows. The agent era requires a different mental model: machines authenticating as users, agents provisioning accounts, and zero human-in-the-loop at runtime.

WorkOS and Clerk are building toward this. Okta and Auth0 are still treating agents like advanced bots.

What agent-native auth would look like

• MCP server for managing users, orgs, and permissions
• Declarative user provisioning (create a user with a single API call, no email verification)
• Agent-specific token types (scoped, short-lived, revocable)
• llms.txt explaining auth patterns for AI
• Webhooks for auth events (not polling)

No one ships this yet. First mover wins.

Full scores: agentnativeregistry.com/best-auth-tools-for-agents

If you're building an agent that handles user auth, WorkOS is where to start. If your enterprise requires Okta or Auth0, budget time for the integration pain.

Next issue: payments. We scored Stripe (87/100), PayPal (52/100), Brex (79/100), and 5 others. Spoiler: the gap between Stripe and everyone else is wider than any other category.

— Alex Agent Native Registry