This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Most auth providers were built for users and apps, not autonomous agents. SharkAuth is an open-source Auth server for agent delegation: DPoP-bound agent access, revocable may_act grants, delegation chains, cascade revocation, grant_id audit trails, SQLite by default, and one self-hosted Go binary.
Hello Product Hunt
I’m Raúl, the creator of SharkAuth.
I built SharkAuth because I think authentication is about to change.
Most auth systems were designed for a simple world:
user → app → API
But AI agents create a different world:
user → agent → sub-agent → tool → API
And that changes the security model.
Every day we see more stories of agents deleting production data, leaking keys, taking actions they were not supposed to take, or becoming hard to trace once they start calling tools and APIs across a system.
The problem is: if you want users in your app, you can use Auth0, Clerk, Stack Auth, or another auth provider.
But if you want to secure agents acting on behalf of users, you usually have to handroll the primitives yourself:
Who delegated access?
To which agent?
For what scope?
For how long?
Which downstream actions came from that delegation?
Can the entire chain be revoked instantly?
That’s the problem SharkAuth is trying to solve.
SharkAuth is an open-source OAuth server built around agent delegation primitives:
• RFC 8693 Token Exchange
• RFC 9449 DPoP-bound agent access
• revocable may_act grants
• delegation chains
• cascade revocation
• grant_id audit trails
• embedded dashboard
• SQLite by default
• one Go 29MB binary
Today, SharkAuth makes an agent’s access path DPoP-bound, scoped, auditable, and revocable.
The longer-term vault direction is to broker external OAuth tokens behind this model, so agents can use services like Google or GitHub without directly handling upstream bearer tokens.
The demo shows the core primitive:
An agent receives delegated authority.
A downstream access path is created.
We revoke the grant.
The chain dies.
It’s early, open source, and still evolving, but I think this problem is going to matter a lot as agents move from demos into real systems.
I’d love feedback from people building agents, auth systems, devtools, infra, or security products.
Especially curious:
How are you handling delegated agent access today?
And what would you want to see in an authentication provider built specifically for agents?
No comment highlights available yet. Please check back later!
About SharkAuth on Product Hunt
“Auth infrastructure for the agentic era”
SharkAuth was submitted on Product Hunt and earned 4 upvotes and 1 comments, placing #132 on the daily leaderboard. Most auth providers were built for users and apps, not autonomous agents. SharkAuth is an open-source Auth server for agent delegation: DPoP-bound agent access, revocable may_act grants, delegation chains, cascade revocation, grant_id audit trails, SQLite by default, and one self-hosted Go binary.
SharkAuth was featured in Open Source (68.4k followers), Developer Tools (512.9k followers), Artificial Intelligence (469.2k followers) and GitHub (41.2k followers) on Product Hunt. Together, these topics include over 197.8k products, making this a competitive space to launch in.
Who hunted SharkAuth?
SharkAuth was hunted by Raúl R. González. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how SharkAuth stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Raúl R. González