Auth0 x Skyfire: Agentic Commerce


Inside the Auth0 + Skyfire Demo: How Agents Can Act on Your Behalf Without Exposing Identity or Payment Credentials

For years, Auth0 has been at the forefront of identity and access management, powering login, authentication, and API protection for thousands of applications and platforms. But at the Skyfire Agentic Commerce event, they showed something different: how the identity infrastructure powered by Auth0 enables a world where agents can shop for you securely.

Their demo, built live and run entirely in real time, showed how agents can authenticate, browse, add items to a cart, and even complete a payment, all without ever seeing the user’s credentials, identity information, or payment data in plaintext. And none of this required the user to change behavior, install a browser extension, or interact with unfamiliar interfaces.

This is what it looks like when Auth0, Skyfire, and KYAPay integrate together through open protocols.

The Problem: Identity and Trust in an Agentic Web

In traditional commerce, the user logs into a retailer, stores a card, maybe uses a password manager, and completes a purchase. But agents won’t have a human being ready to manually create accounts or log in for every site that the agent could possibly access. And without provable, scoped credentials, agents can’t get the access they need to shop.

That’s the friction point Auth0 tackled. The demo started with Claude Desktop acting as the agent. The user asked Claude to buy a Scandinavian coffee table. Under the hood, the agent needed to authenticate the user to a third-party retail site, initiate a checkout, and authorize payment without ever impersonating the user directly or scraping their session.

Normally, this would be impossible.

But in this flow, Skyfire handled identity verification through a KYA (Know Your Agent) flow. The result was a KYA token, issued to the agent, scoped to the user, and verifiable by third-party systems.

This is where the retailer’s existing infrastructure, built on open standards with Auth0, can unlock access for agents. The retail site offered an MCP server protected by Auth0 for MCP, using RFC 8693 Token Exchange. The agent was able to present the KYA token to Auth0, obtain access to browse the catalog, and add items to the cart on the user’s behalf.

In principle, this is very similar to the real-world case where an interior designer browses a furniture vendor’s catalog and prepares a quote or proposal on behalf of a customer the two of them share.

AI agents working on users’ behalf will need similar on-behalf-of access to the web and app experiences that people use.
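
The token-exchange step described above, seen from the authorization server's side, as an added example (not Auth0's or Skyfire's code). It applies RFC 8693 request checks to a subject token whose signature is assumed to be verified already, grants only an allow-listed scope set, and records the agent in an `act` claim so the issued token expresses delegation rather than impersonation. The URLs, scope names, the `agent_id` claim and the `access_token_claims` field are assumptions made for illustration.

```python
import time

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"   # RFC 8693 section 2.1
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"           # RFC 8693 section 3
ACCESS_TYPE = "urn:ietf:params:oauth:token-type:access_token"

# Hypothetical policy values for the retailer's authorization server.
TRUSTED_ISSUER = "https://kya-issuer.example"
THIS_AS = "https://auth.retailer.example/"
AGENT_SCOPES = {"catalog:read", "cart:write"}   # agents never get account scopes
TTL = 300                                       # short-lived access token, seconds

def exchange(form, claims, now=None):
    """Apply token-exchange policy; return a response dict or an OAuth error dict.

    form   -- the POSTed token request parameters
    claims -- payload of form["subject_token"], signature ALREADY verified
    """
    now = time.time() if now is None else now
    if form.get("grant_type") != GRANT or form.get("subject_token_type") != JWT_TYPE:
        return {"error": "invalid_request"}
    # RFC 8693 section 2.2.2: an unacceptable subject token is invalid_request.
    if (claims.get("iss") != TRUSTED_ISSUER or claims.get("aud") != THIS_AS
            or claims.get("exp", 0) <= now
            or not claims.get("sub") or not claims.get("agent_id")):
        return {"error": "invalid_request"}
    # Downscope: grant the intersection of what was asked and what agents may hold.
    granted = sorted(set(form.get("scope", "").split()) & AGENT_SCOPES)
    if not granted:
        return {"error": "invalid_scope"}
    scope = " ".join(granted)
    return {
        # A real server signs these claims into the access_token value.
        "access_token_claims": {
            "sub": claims["sub"],                 # the user being acted for
            "act": {"sub": claims["agent_id"]},   # the acting agent (section 4.1)
            "scope": scope,
            "exp": int(now) + TTL,
        },
        "issued_token_type": ACCESS_TYPE,
        "token_type": "Bearer",
        "expires_in": TTL,
        "scope": scope,
    }
```

A request asking for more than the allow-list receives only the intersection, so a compromised or over-eager agent cannot widen its own access through the exchange.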

 

From Token to Checkout with KYAPay

Once the agent had selected an item, it attempted to check out. This is where KYAPay entered the flow.

The agent made an HTTP POST request to the retailer’s MCP tool. As expected, it received a 402 Payment Required response. Rather than failing, the agent triggered a payment flow via KYAPay, minting a single-use Pay token without ever accessing the user’s payment card or full identity payload.

The token was sent to the merchant, which accepted it and processed the order. The purchase was confirmed. The agent never had access to the user’s session or credentials. The merchant never had to guess whether the agent was legitimate.

Every step was traceable. Every action was permissioned.
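
The merchant side of this checkout flow, as an added example (not code from the demo or from KYAPay): a checkout handler that answers 402 until it receives a pay token that verifies, is addressed to this merchant, covers the price, and has not been redeemed before. The token format (an HMAC-signed JSON payload), the claim names, the 409 status for replays and the merchant URL are assumptions chosen so the sketch runs offline with the standard library.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"            # stand-in for the issuer's verification key
MERCHANT = "https://retailer.example"    # hypothetical audience value
_seen_jti = set()                        # replay cache; use a shared store with a TTL in production

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def mint(claims):
    """Build a constructed sample token: base64url(payload).base64url(HMAC-SHA256)."""
    body = _b64(json.dumps(claims).encode())
    return (body + b"." + _b64(hmac.new(KEY, body, hashlib.sha256).digest())).decode()

def verify(token, now):
    """Return the claims if signature, audience and expiry all check out, else None."""
    body, _, sig = token.encode().partition(b".")
    want = _b64(hmac.new(KEY, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, want):          # constant-time comparison
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    if claims.get("aud") != MERCHANT or claims.get("exp", 0) <= now:
        return None
    return claims

def checkout(price_cents, pay_token=None, now=None):
    """Return (http_status, body) for one call to the checkout tool."""
    now = time.time() if now is None else now
    if pay_token is None:
        return 402, {"error": "payment_required", "amount": price_cents}
    claims = verify(pay_token, now)
    if claims is None or "jti" not in claims or claims.get("amount", 0) < price_cents:
        return 402, {"error": "invalid_pay_token", "amount": price_cents}
    if claims["jti"] in _seen_jti:                  # single use: refuse a second redemption
        return 409, {"error": "pay_token_already_used"}
    _seen_jti.add(claims["jti"])                    # consume only after every check passed
    return 200, {"order": "confirmed", "charged": price_cents}
```

The token identifier is recorded only after all other checks succeed, so a rejected attempt does not burn a token that is still valid.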

 

Why This Demo Matters

This wasn’t a hack. It was a reference implementation of what agentic commerce infrastructure needs to look like if it’s going to scale.

  • Skyfire verified identity and issued user-bound KYA tokens.
  • Auth0 acted as the credential broker, translating identity into access tokens.
  • KYAPay completed the circuit with Pay tokens, enabling agents to transact without credential leakage or fraud risk.

The entire system worked without new browser extensions, apps, or complex onboarding flows. It used real web protocols, existing payment rails, and composable authentication primitives. And it did so while respecting user agency, merchant verification, and agent capability boundaries.

Even more compelling: Auth0 is making this system modular. Their platform now supports Skyfire identity tokens out of the box. The code to perform a KYA-to-Access token exchange is minimal. And they’re collaborating with Skyfire to open-source this demo as a reference architecture for any developer building shopping agents or permissioned services.

This wasn’t a proof-of-concept. This was infrastructure.

 

🎥 Watch the full demo: https://youtu.be/PPflH8LbYn0

🧠 Read more at skyfire.xyz/blog
