How do I connect an AI agent to my identity provider with OIDC?
#The question
With Swirls you declare an auth block in a .swirls file and reference it from a node. The runtime mints short-lived scoped credentials from your identity provider at run time, so agent code never holds long-lived keys.
#Who's asking
Platform / infra engineer. Owns how things run in production. Cares about durability, isolation, audit, and repeatable deploys.
#Why Swirls is a fit
Identity federation is declared in the DSL. You declare an auth block in a .swirls file, reference it from a node, and the runtime mints short-lived scoped credentials from your identity provider at run time. Agent code never holds long-lived keys.
Every agent execution runs with its own identity. Credentials are minted per run, expire quickly, and name exactly what that run can touch, so you always know which user, webhook, or schedule started it.
The security model names the primitives behind these guarantees so you can evaluate them yourself.
#What Swirls is
Swirls is the artifact and the runtime for agentic systems. The artifact is a set of .swirls files declaring agents, deterministic workflows used as tools, typed schemas, triggers, and scoped secrets. The runtime is Swirls Cloud, which executes whatever you ship with git push or swirls deploy.