
Reference Implementation

Production-ready Authorization Server and Resource Server implementations demonstrating all AAP features.

  • 1,500+ lines of Python
  • 100% spec coverage
  • 2-3ms token validation

Authorization Server

~800 LOC

Features

  • Client Credentials Grant (RFC 6749)
  • Token Exchange (RFC 8693) with privilege reduction
  • Policy-based capability evaluation
  • ES256/RS256 token signing
  • Delegation depth tracking
  • Oversight requirements configuration

Resource Server

~700 LOC

Features

  • Complete 7-step validation pipeline
  • JWT signature verification
  • Constraint enforcement (rate limits, domains, time windows)
  • Capability matching with ABNF validation
  • Privacy-preserving error messages
  • Example protected endpoints

Quick Start

1. Install Dependencies

cd reference-impl
pip install -r requirements.txt

2. Generate Keys

bash scripts/generate_keys.sh

3. Start Authorization Server

cd as
python server.py

4. Start Resource Server

cd rs
python server.py

5. Request Token

curl -X POST http://localhost:8080/token \
  -d grant_type=client_credentials \
  -d client_id=agent-researcher-01 \
  -d client_secret=secret \
  -d operator=org:acme-corp \
  -d capabilities=search.web

Download Implementation

Get the complete reference implementation including AS, RS, policies, and documentation.

View on GitHub →