AgentOS validates JWT scopes against the permissions required for each endpoint. Control who can access and run your agents, teams, and workflows.

[Figure: JWT verification flow]

Quick Start

Enable RBAC when initializing AgentOS:

```python
from agno.agent import Agent
from agno.db.postgres import PostgresDb
from agno.models.openai import OpenAIResponses
from agno.os import AgentOS

db = PostgresDb(db_url="postgresql+psycopg://ai:ai@localhost:5532/ai")

agent = Agent(
    id="my-agent",
    model=OpenAIResponses(id="gpt-5.2"),
    db=db,
)

agent_os = AgentOS(
    id="my-agent-os",
    agents=[agent],
    authorization=True,
)

app = agent_os.get_app()
```

Set the JWT_VERIFICATION_KEY environment variable to your public key:

```bash
export JWT_VERIFICATION_KEY="your-public-key"
```

Scope Format

RBAC uses a hierarchical scope format:
| Format | Example | Description |
|---|---|---|
| `resource:action` | `agents:read` | Access all resources of a type |
| `resource:<id>:action` | `agents:my-agent:run` | Access a specific resource |
| `resource:*:action` | `agents:*:read` | Wildcard (equivalent to global) |
| `agent_os:admin` | - | Full access to all endpoints |

Complete Scope Reference

Admin Scopes

| Scope | Description |
|---|---|
| `agent_os:admin` | Full admin access to all endpoints |

System Scopes

| Scope | Description |
|---|---|
| `system:read` | View system configuration and available models |

Agent Scopes

| Scope | Description |
|---|---|
| `agents:read` | List and view all agents |
| `agents:write` | Create and update agents |
| `agents:delete` | Delete agents |
| `agents:run` | Run any agent |
| `agents:<agent-id>:read` | View a specific agent |
| `agents:<agent-id>:run` | Run a specific agent |

Team Scopes

| Scope | Description |
|---|---|
| `teams:read` | List and view all teams |
| `teams:write` | Create and update teams |
| `teams:delete` | Delete teams |
| `teams:run` | Run any team |
| `teams:<team-id>:read` | View a specific team |
| `teams:<team-id>:run` | Run a specific team |

Workflow Scopes

| Scope | Description |
|---|---|
| `workflows:read` | List and view all workflows |
| `workflows:write` | Create and update workflows |
| `workflows:delete` | Delete workflows |
| `workflows:run` | Run any workflow |
| `workflows:<workflow-id>:read` | View a specific workflow |
| `workflows:<workflow-id>:run` | Run a specific workflow |

Session Scopes

| Scope | Description |
|---|---|
| `sessions:read` | View all sessions and session data |
| `sessions:write` | Create, update, and rename sessions |
| `sessions:delete` | Delete sessions |

Memory Scopes

| Scope | Description |
|---|---|
| `memories:read` | View memories and memory topics |
| `memories:write` | Create, update, and optimize memories |
| `memories:delete` | Delete memories |

Knowledge Scopes

| Scope | Description |
|---|---|
| `knowledge:read` | View and search knowledge content |
| `knowledge:write` | Add and update knowledge content |
| `knowledge:delete` | Delete knowledge content |

Metrics Scopes

| Scope | Description |
|---|---|
| `metrics:read` | View metrics |
| `metrics:write` | Refresh metrics |

Evaluation Scopes

| Scope | Description |
|---|---|
| `evals:read` | View evaluation runs |
| `evals:write` | Create and update evaluation runs |
| `evals:delete` | Delete evaluation runs |

Default Scope Mappings

AgentOS automatically maps endpoints to required scopes.
| Endpoint | Required Scope |
|---|---|
| `GET /config` | `system:read` |
| `GET /models` | `system:read` |

Custom Scope Mappings

Customize or extend the default scope mappings using the JWT middleware:
```python
from agno.os import AgentOS
from agno.os.middleware import JWTMiddleware

agent_os = AgentOS(
    id="my-agent-os",
    agents=[my_agent],
)

app = agent_os.get_app()

app.add_middleware(
    JWTMiddleware,
    verification_keys=["your-jwt-key"],
    algorithm="RS256",
    authorization=True,
    scope_mappings={
        "GET /agents": ["custom:read"],
        "POST /custom/endpoint": ["custom:write"],
        "GET /public/stats": [],  # No scopes required
    },
)
```
Custom scope mappings are additive to the defaults. To override a default, specify the same route pattern with your custom scopes.

JWT Token Structure

Your JWT tokens should include:
```json
{
  "sub": "user-123",
  "scopes": ["agents:read", "agents:my-agent:run"],
  "exp": 1735689600,
  "iat": 1735603200
}
```

| Claim | Required | Description |
|---|---|---|
| `scopes` | Yes | Array of permission scopes |
| `sub` | No | User ID (extracted as `user_id`) |
| `session_id` | No | Session ID for session tracking |
| `aud` | No | Audience (must match the AgentOS id when `verify_audience=True`) |

Example Tokens

Read-only access:

```json
{
  "scopes": ["agents:read", "teams:read", "sessions:read"]
}
```

Run a specific agent:

```json
{
  "scopes": ["agents:my-agent:run", "agents:my-agent:read", "sessions:write"]
}
```

Admin access:

```json
{
  "scopes": ["agent_os:admin"]
}
```
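The scope hierarchy from the Scope Format table, the claim rules from the JWT Token Structure table and the three example tokens above, worked into a runnable model of the authorization decision. This is an added example written for this page, not Agno's own code. The route patterns other than `GET /config` and `GET /models`, the `{agent_id}` substitution into per-resource scopes, the deny-by-default rule for routes without a mapping, and the 401 for a missing token on a mapped route are assumptions made here. The function takes already-decoded claims, so signature verification (RS256 key or JWKS file, as configured in the next section) is assumed to have happened before `authorize()` runs.

```python
# Added example, not Agno's code: a minimal model of how an AgentOS-style RBAC
# check turns the scope hierarchy, endpoint->scope mappings and JWT claims on
# this page into an allow / 401 / 403 decision. Assumptions: every route except
# "GET /config" and "GET /models", "{agent_id}" substitution, deny-by-default
# for unmapped routes, and 401 for a missing token on any mapped route.
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

ADMIN_SCOPE = "agent_os:admin"

# Routes the page lists as excluded from RBAC checks by default.
EXCLUDED_ROUTES = {"/", "/health", "/docs", "/redoc", "/openapi.json", "/docs/oauth2-redirect"}

# Endpoint -> required scopes; "{agent_id}" is filled from the request path.
DEFAULT_SCOPE_MAPPINGS: Dict[str, List[str]] = {
    "GET /config": ["system:read"],                              # from the page
    "GET /models": ["system:read"],                              # from the page
    "GET /agents": ["agents:read"],                              # constructed
    "GET /agents/{agent_id}": ["agents:{agent_id}:read"],        # constructed
    "POST /agents/{agent_id}/runs": ["agents:{agent_id}:run"],   # constructed
}


def _split_scope(scope: str):
    """Normalise 'resource:action' / 'resource:<id>:action' to (resource, id, action)."""
    parts = scope.split(":")
    if len(parts) == 2:
        return parts[0], "*", parts[1]        # a global scope is a wildcard id
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    return None


def scope_grants(granted: str, required: str) -> bool:
    """True if one granted scope satisfies one required scope (Scope Format table)."""
    if granted == ADMIN_SCOPE:
        return True                           # admin covers every endpoint
    g, r = _split_scope(granted), _split_scope(required)
    if g is None or r is None or g[0] != r[0] or g[2] != r[2]:
        return False                          # malformed, or resource/action differ
    # A global or wildcard grant covers any id; a specific grant covers only its
    # own id and never a global requirement such as "agents:read".
    return g[1] == "*" or g[1] == r[1]


def has_scopes(token_scopes: List[str], required: List[str]) -> bool:
    """Every required scope must be satisfied by at least one granted scope."""
    return all(any(scope_grants(g, req) for g in token_scopes) for req in required)


def match_route(pattern: str, method: str, path: str) -> Optional[Dict[str, str]]:
    """Match 'METHOD /a/{param}/b' against a request; return path params or None."""
    p_method, _, p_path = pattern.partition(" ")
    if p_method != method:
        return None
    p_parts, parts = p_path.strip("/").split("/"), path.strip("/").split("/")
    if len(p_parts) != len(parts):
        return None
    params: Dict[str, str] = {}
    for expected, actual in zip(p_parts, parts):
        if expected.startswith("{") and expected.endswith("}"):
            params[expected[1:-1]] = actual
        elif expected != actual:
            return None
    return params


@dataclass
class Decision:
    status: int          # 200 allowed, 401 missing/invalid token, 403 insufficient scopes
    reason: str
    user_id: Optional[str] = None


def with_custom_mappings(custom: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Custom mappings are additive; a repeated route pattern overrides the default."""
    return {**DEFAULT_SCOPE_MAPPINGS, **custom}


def authorize(method: str, path: str, claims: Optional[dict], scope_mappings=None,
              audience: str = "my-agent-os", verify_audience: bool = False,
              now: Optional[float] = None) -> Decision:
    """Decide a request from already-verified, decoded JWT claims."""
    mappings = DEFAULT_SCOPE_MAPPINGS if scope_mappings is None else scope_mappings
    if path in EXCLUDED_ROUTES:
        return Decision(200, "excluded route")
    if claims is None:
        return Decision(401, "missing token")
    if not isinstance(claims.get("scopes"), list):
        return Decision(401, "scopes claim missing")     # the only required claim
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        return Decision(401, "token expired")
    if verify_audience and claims.get("aud") != audience:
        return Decision(401, "audience mismatch")        # aud must equal the AgentOS id
    user_id = claims.get("sub")                          # sub is surfaced as user_id
    for pattern, required in mappings.items():
        params = match_route(pattern, method, path)
        if params is None:
            continue
        needed = [s.format(**params) for s in required]  # [] means no scopes required
        if has_scopes(claims["scopes"], needed):
            return Decision(200, "ok", user_id)
        return Decision(403, f"insufficient scopes, need {needed}", user_id)
    return Decision(403, "no scope mapping for route", user_id)
```

With the read-only token, `GET /agents/my-agent` is allowed because the global `agents:read` covers any id, while `POST /agents/my-agent/runs` is refused with 403; with the run-specific token the situation inverts, and `GET /agents` (a global requirement) is also refused, because a specific scope never satisfies a global one. The 401 cases (no token, missing `scopes`, expired, wrong `aud`) are decided before any scope comparison, matching the split between the two error codes in the Error Responses table.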

Configuration Options

Configure JWT verification using AuthorizationConfig:
```python
from agno.os import AgentOS
from agno.os.config import AuthorizationConfig

agent_os = AgentOS(
    id="my-agent-os",
    agents=[agent],
    authorization=True,
    authorization_config=AuthorizationConfig(
        verification_keys=["your-jwt-verification-key"],
        algorithm="RS256",
    ),
)
```

You can also use a JWKS file:

```python
authorization_config=AuthorizationConfig(
    jwks_file="/path/to/jwks.json",
    algorithm="RS256",
)
```

Or set environment variables:

```bash
export JWT_VERIFICATION_KEY="your-public-key"
# or
export JWT_JWKS_FILE="/path/to/jwks.json"
```

Excluded Routes

These routes are excluded from RBAC checks by default: /, /health, /docs, /redoc, /openapi.json, /docs/oauth2-redirect

Error Responses

| Status Code | Description |
|---|---|
| 401 Unauthorized | Missing or invalid JWT token |
| 403 Forbidden | Insufficient scopes for the requested operation |
