What is OID4AC
OID4AC (OpenID for Agent Clients) is an OAuth 2.0 profile for agent-to-merchant payments. It composes standards-track building blocks (RFC 9126 Pushed Authorization Requests, RFC 9449 DPoP, RFC 9068 JWT Access Tokens, draft-ietf-oauth-sd-jwt-vc Verifiable Credentials, RFC 9421 HTTP Message Signatures) into a single end-to-end protocol whose every step produces a cryptographically verifiable artefact.
OID4Pay is the reference implementation of OID4AC. The Authorization Server runs at as.oid4pay.com, the Wallet Portal at wallet.oid4pay.com, and the open-source merchant SDKs (Node, Python, Go, CDN) plug straight into any existing storefront stack.
The problem OID4AC solves
AI agents acting on behalf of human principals need to pay merchants without the principal copy-pasting card numbers, without the agent being able to spend beyond the principal's mandate, and without the merchant having to trust the agent's claims about who authorised the charge. OAuth's existing bearer tokens answer none of these. OID4AC answers all of them through four signed artefacts:
- A signed Offer (the merchant attests the SKU, price, and currency).
- A DPoP-bound JWT-AT (the AS attests the agent is authorised).
- An SD-JWT VC mandate (the AS attests the principal consented to a spend cap).
- A KB-JWT presentation (the agent attests this charge is fresh and merchant-bound).
Together the four signatures reconstruct any dispute to a deterministic state. See the four-signature trail for the wire-level walk.
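As an added illustration (not the OID4Pay SDK and not the spec's wire shapes), here is a merchant-side check of the four artefacts in the order the dispute trail reconstructs them: HMAC-SHA256 stands in for the real asymmetric signatures, and the claim names spend_cap and offer_hash are assumed.

```python
import base64, hashlib, hmac, json
# Added illustration, not the OID4Pay SDK. HMAC-SHA256 stands in for the real
# asymmetric signatures; the claim names spend_cap and offer_hash are assumed.
def b64(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(claims, key):
    body = b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify(token, key):  # claims if the signature checks out, else None
    body, _, sig = token.partition(".")
    good = b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, good):
        return None
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def thumbprint(key):  # stands in for the JWK thumbprint carried in cnf.jkt
    return b64(hashlib.sha256(key).digest())

def verify_charge(offer, at, mandate, kb, keys, merchant_id, seen_nonces):
    """Merchant-side check of the four artefacts: 'ok' or the failed check."""
    o = verify(offer, keys["merchant"])            # 1. merchant attests SKU/price
    if o is None: return "offer-signature"
    t = verify(at, keys["as"])                     # 2. AS attests the agent
    if t is None: return "token-signature"
    if t.get("cnf", {}).get("jkt") != thumbprint(keys["agent"]): return "dpop-binding"
    m = verify(mandate, keys["as"])                # 3. AS attests the spend cap
    if m is None: return "mandate-signature"
    if m["currency"] != o["currency"] or o["price"] > m["spend_cap"]:
        return "spend-cap"
    p = verify(kb, keys["agent"])                  # 4. agent attests this charge
    if p is None: return "presentation-signature"
    if p.get("aud") != merchant_id: return "audience"
    if p.get("offer_hash") != b64(hashlib.sha256(offer.encode()).digest()):
        return "offer-binding"                     # presentation for another offer
    if p.get("nonce") in seen_nonces: return "replay"
    seen_nonces.add(p["nonce"])
    return "ok"

def demo():
    """Constructed artefacts: a good charge, then the same presentation replayed."""
    keys = {"merchant": b"merchant-key", "as": b"as-key", "agent": b"agent-key"}
    offer = sign({"sku": "SKU-1", "price": 1999, "currency": "USD"}, keys["merchant"])
    at = sign({"sub": "agent-1", "cnf": {"jkt": thumbprint(keys["agent"])}}, keys["as"])
    mandate = sign({"spend_cap": 5000, "currency": "USD"}, keys["as"])
    kb = sign({"aud": "m-42", "nonce": "n1",
               "offer_hash": b64(hashlib.sha256(offer.encode()).digest())}, keys["agent"])
    seen = set()
    return [verify_charge(offer, at, mandate, kb, keys, "m-42", seen) for _ in range(2)]
```

The order of checks matters for dispute handling: an over-cap offer is rejected on the mandate before the presentation is even examined, so the audit record names the artefact that actually failed.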
Who it is for
| Audience | What OID4AC gives you |
|---|---|
| Agent builders | A standards-track way to act on behalf of a human principal at any OID4AC-enabled merchant without holding the principal's card. The MCP server at @oid4pay/oid4pay-mcp wraps the wire shapes so model toolchains can call agent_payment_initiate directly. |
| Merchants | A drop-in SDK (Node, Python, Go) that verifies the four signatures and settles the charge through the merchant's existing payment provider (Stripe Connect today). The merchant keeps their own catalog surface; no aggregation through OID4Pay. |
| Wallet operators | The Wallet Portal protocol (see OIDC discovery) is open. Any OIDC-compliant wallet can be the principal's control plane. wallet.oid4pay.com is the reference; you can run your own. |
| Auditors and regulators | Every charge is reconstructable from the four signed artefacts plus the per-tenant audit chain. SOC2 and eIDAS qualified-trust posture are first-class targets, not retrofits. |
Why it is open
The OID4AC specification is on the roadmap for submission to the OpenID Foundation as an Implementer's Draft. The wire shapes are versioned, pinned, and not subject to vendor-specific extension; see the wire reference for the exact shapes and the PAR response as the only authorization channel. The Authorization Server, Wallet Portal, Discovery service, and SDKs ship under open licences; the catalog protocol (/.well-known/oid4ac-catalog) is documented and reproducible by any merchant.
Where to go next
- The four-signature trail walks the wire-level proof chain.
- Architecture shows how AS, wallet, merchant, discovery, and billing fit together.
- Agent quickstart ships a working test payment in five minutes.
- Merchant quickstart adds verifyOffer + charge to an existing storefront in ten minutes.