Why M2M Tokens Aren’t Enough for Agent-Based Systems: Beyond Static Credentials

Jun 12, 2025

2 mins

Matt (Co-Founder and CEO)

This post dives deep into the limitations of client credentials (the OAuth 2.0 client_credentials flow) when applied to per-agent, delegated workflows. The key takeaway is that agents need scoped, auditable, time-bound identities — not static tokens tied to monolithic apps.

Machine-to-machine (M2M) authentication, often implemented using the OAuth 2.0 client_credentials flow, has been a cornerstone for securing API interactions between backend services. It provides a simple, effective way for one application to request an access token using its own client ID and client secret, thereby accessing resources on its own behalf. For many stable microservices and integrations, this model works perfectly.

However, as we move into the realm of intelligent, autonomous agents that perform complex, often delegated, workflows, the limitations of the traditional M2M token model become glaringly apparent. Agents don't just need to access resources; they need to act with context, authority, and accountability.

The M2M Model: A Good Fit for Simple Interactions, Not Complex Agents

In the client_credentials flow:

  • A client (application) authenticates itself to an authorization server.

  • The authorization server issues an access token.

  • The client uses this token to call an API.

This is ideal when you have a monolithic application interacting with a single API on its own behalf. The token represents the application's identity and its static permissions.

Where M2M Tokens Fall Short for Agent-Based Systems:

  1. Lack of Granularity and Scoping: An M2M token typically grants access based on the broad permissions assigned to the client application. For an agent that might perform a very specific, temporary task (e.g., "summarize this document for user X," then "send an email to user Y about Z"), a monolithic token is far too permissive. You can't easily scope the token dynamically per task or per agent instance.

  2. No Concept of Delegation (On Behalf Of): One of the most powerful aspects of AI agents is their ability to act on behalf of a human user or another system. An M2M token fundamentally represents the machine's own identity. It has no built-in mechanism to convey that the agent is performing an action delegated by User A, accessing User A's data, or interacting with systems as User A.

  3. Static Lifespans and Revocation Challenges: While M2M tokens can have expiry times, they are often long-lived or refreshed frequently, especially for always-on services. For ephemeral agents, a static token with a lengthy lifespan is a security risk. Revoking a specific token quickly without impacting other operations relying on the same client credentials is often complex, or requires revoking the entire client secret, disrupting all services using it.

  4. Poor Auditability: When multiple agent instances or even different types of agents share the same M2M client credentials, audit logs become a tangled mess. It's nearly impossible to trace a specific action back to an individual agent instance, its purpose, or the user who initiated the request it's fulfilling. This hinders debugging, security investigations, and compliance efforts.

  5. Security Risks of Shared Secrets: Storing and managing static client secrets across multiple agent deployments, or even within a single, complex agent system, increases the risk of secret leakage. Once a secret is compromised, all tokens issued using it are compromised until the secret is rotated, which can be a disruptive and manual process.

Agents Need Scoped, Auditable, Time-Bound Identities – Not Static Tokens Tied to Monolithic Apps

The future of authentication for autonomous agents demands a more sophisticated approach than traditional M2M tokens. Agents require:

  • Contextual Identity: Not just who they are, but why they exist and who they're acting for.

  • Just-in-Time Access: Credentials issued for the specific task at hand, with minimum necessary permissions.

  • Short-Lived & Automatically Revocable: Tokens that expire quickly and can be invalidated instantly upon task completion or anomalous behavior.

  • Fine-Grained Audit Trails: Every action clearly attributed to a unique agent instance and its delegated authority.

These capabilities are the core tenets of "agent identity." Relying on static M2M tokens for the dynamic world of AI agents is akin to using a blunt instrument for precision surgery – it simply isn't fit for purpose. Moving beyond these limitations is essential for building secure, scalable, and trustworthy agent-based systems, and it reinforces the point made at the outset: agents need scoped, auditable, time-bound identities — not static tokens tied to monolithic apps.
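The four properties above, as an added example that is not code from the original post: a minimal HS256 JWT (standard library only) minted per task with the delegating user in `sub`, the agent instance in the RFC 8693 `act` claim, a minimal `scope`, a short `exp`, and a `jti` so a single token can be revoked, beside the resource-server check that rejects an expired, revoked, under-scoped or delegation-free (plain M2M) token and emits an audit record naming both the agent instance and the user it acts for. The signing secret, the agent and user names, and the claim layout beyond RFC 8693's `act` are assumptions.

```python
# Added example (not from the original post): contrasts a static client-level
# M2M token with a per-task, delegated, short-lived agent token, using a
# minimal HS256 JWT built from the standard library only.
import base64, hashlib, hmac, json, secrets, time

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint(secret: bytes, claims: dict) -> str:
    """Sign claims as a compact HS256 JWT (the signing key is an assumption).
    A plain client_credentials token would carry only the client's identity
    and its broad, static scope, with no user and no agent-instance claim."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def mint_agent_token(secret, user, agent_instance, scope, ttl_s, now=None):
    """Per-task token: delegating user in `sub`, agent instance in `act`
    (RFC 8693 actor claim), minimal `scope`, short `exp`, unique `jti`."""
    now = int(now if now is not None else time.time())
    return mint(secret, {"sub": user, "act": {"sub": agent_instance},
                         "scope": scope, "iat": now, "exp": now + ttl_s,
                         "jti": secrets.token_hex(8)})

def verify(token, secret, required_scope, revoked, now=None):
    """Resource-server check. Returns (ok, reason, audit_record)."""
    now = int(now if now is not None else time.time())
    head, body, sig = token.split(".")
    expect = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expect, _unb64(sig)):
        return False, "bad_signature", None
    c = json.loads(_unb64(body))
    # The audit record names the agent instance AND the user it acts for,
    # which a shared client-level token cannot provide.
    audit = {"jti": c.get("jti"), "agent": c.get("act", {}).get("sub"),
             "on_behalf_of": c.get("sub"), "scope": c.get("scope")}
    if c.get("exp", 0) <= now:
        return False, "expired", audit
    if c.get("jti") in revoked:          # revoke one token, not the client
        return False, "revoked", audit
    if required_scope not in c.get("scope", "").split():
        return False, "insufficient_scope", audit
    if "act" not in c:                   # plain M2M token: no delegation
        return False, "no_delegation_context", audit
    return True, "ok", audit
```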
