Official documentation website for the Agent Authorization Profile (AAP) - an OAuth 2.0 authorization profile for autonomous AI agents.
🌐 Live Site: https://aap-protocol.org
AAP extends OAuth 2.0 with structured claims designed specifically for AI agent authorization:
- Agent Identity: Explicit, verifiable identity for autonomous agents
- Capabilities: Specific actions with enforceable constraints (domains, rate limits, time windows)
- Task Binding: Tokens linked to declared purposes
- Delegation: Auditable delegation chains between agents and tools
- Oversight: Claims indicating actions requiring human approval
The website includes 11 comprehensive documentation pages:
- Homepage - Overview and quick links
- Documentation Hub (
/docs) - Central navigation - Getting Started (
/getting-started) - 6-step quick start guide - Complete Specification (
/specification) - Full technical spec - JSON Schemas (
/schemas) - 9 formal validation schemas - Test Vectors (
/test-vectors) - 80+ test cases - Reference Implementation (
/reference-impl) - AS + RS in Python - Migration Guide (
/migration) - OAuth Scopes → AAP - Deployment Patterns (
/deployment) - K8s, Docker, Cloud - FAQ (
/faq) - 30 frequently asked questions - Threat Model (
/threat-model) - 15 attack scenarios
- Node.js 18+ or 20+
- pnpm 8+ (recommended) or npm
# Clone repository
git clone https://github.com/aapspec/website.git
cd website
# Install dependencies
pnpm install
# Run development server
pnpm devOpen http://localhost:3000 to view the site.
pnpm dev # Start development server
pnpm build # Build for production
pnpm start # Start production server
pnpm lint # Run ESLint- Framework: Next.js 16.1.6 (App Router)
- UI: React 19 + Tailwind CSS v4
- Markdown: react-markdown + remark-gfm
- Syntax Highlighting: rehype-highlight + highlight.js
- Icons: lucide-react
- Fonts: Geist Sans + Geist Mono
website/
├── app/ # Next.js App Router pages
│ ├── page.tsx # Homepage
│ ├── docs/ # Documentation hub
│ ├── getting-started/ # Quick start guide
│ ├── specification/ # Full spec viewer
│ ├── schemas/ # JSON Schemas explorer
│ ├── test-vectors/ # Test cases explorer
│ ├── reference-impl/ # Implementation docs
│ ├── migration/ # Migration guide
│ ├── deployment/ # Deployment patterns
│ ├── faq/ # FAQ
│ └── threat-model/ # Security analysis
│
├── components/
│ ├── landing/ # Homepage components
│ ├── docs/ # Documentation components
│ │ ├── MarkdownViewer.tsx
│ │ └── TableOfContents.tsx
│ └── shared/ # Shared UI components
│
├── lib/
│ └── content/ # Content configuration
│
├── public/ # Static assets
│ ├── schemas/ # JSON Schema files
│ ├── docs/ # Markdown documentation
│ ├── test-vectors/ # Test vector files
│ └── reference-impl/ # Reference code
│
└── [config files]
- Specification: github.com/aapspec/spec
- JSON Schemas: github.com/aapspec/schemas
- Reference Implementation: github.com/aapspec/reference-impl
- Test Vectors: github.com/aapspec/test-vectors
We welcome contributions to improve the website!
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Test locally (
pnpm dev) - Build to verify (
pnpm build) - Commit your changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open a Pull Request
- Fix typos or unclear documentation
- Improve UI/UX
- Add examples or tutorials
- Enhance accessibility
- Optimize performance
- Add translations
Found a bug? Please open an issue:
https://github.com/aapspec/website/issues/new
Include:
- Description of the bug
- Steps to reproduce
- Expected vs actual behavior
- Screenshots (if applicable)
- Browser/OS information
- IETF Mailing List: oauth@ietf.org
- GitHub Discussions: github.com/aapspec/spec/discussions
- Website: https://aap-protocol.org
Apache License 2.0 - See LICENSE for details.
Built with:
Website Version: 1.0 Last Updated: 2026-02-01 Maintained by: AAP Working Group