Skip to main content
AuthMiddleware is the AgentOS authentication middleware. It handles JWTs, service account tokens (agno_pat_...), the internal service token, and the OS security key, with optional RBAC (Role-Based Access Control) for JWTs. JWTMiddleware still works as an alias for the manual app.add_middleware(JWTMiddleware, ...) setup path.

Import

AuthMiddleware Parameters

TokenSource Enum

Default Excluded Routes

Usage

Basic JWT Validation

JWT with RBAC Authorization

JWT from Cookies

Parameter Injection

Using JWKS File

The JWKS file should have the standard format:

Custom Scope Mappings

Request State

After processing, the middleware stores the following in request.state:

Error Responses

See Also