Jwts and Oauth Suck for AI Agents. Meet Wafers
Posted4 months agoActive4 months ago
positiveblue.substack.comTechstory
calmpositive
Debate
20/100
Artificial IntelligenceAuthenticationOauth
Key topics
Artificial Intelligence
Authentication
Oauth
Introduction of Wafers as an alternative to JWTs and OAuth for AI agents.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
N/A
Peak period
3
0-1h
Avg / period
1.7
Key moments
- 01Story posted
Sep 2, 2025 at 11:23 AM EDT
4 months ago
Step 01 - 02First comment
Sep 2, 2025 at 11:23 AM EDT
0s after posting
Step 02 - 03Peak activity
3 comments in 0-1h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 2, 2025 at 1:27 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45104262Type: storyLast synced: 11/17/2025, 10:06:38 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
https://news.ycombinator.com/item?id=39204314
https://news.ycombinator.com/item?id=43499783
https://news.ycombinator.com/item?id=25233311
What are the differences?
In Macaroons, anyone who holds the token can tack on caveats.
In Wafers, only the current holder can extend it, and they can explicitly name the next holder by public key.
That gives you a verifiable chain of custody instead of an unanchored blob.
curious if this can somehow slot into oauth too, or this is impossible? I've been thinking about oauth proxies that alter the oauth scopes into more fine-grained ones, working on this. maybe this is the key to adoption.
You can think about this as a new auth token to add in your stack. It does not need to grow and take over the world overnight. We have seen how hard it is to change the status quo + how much it can adapt to new ideas (ex: SQL vs NoSQL)
For now I would imagine teams who need more flexibility in their auth stack to adopt this for new API