In the age of dynamic workflows (aka AI Agents) we don’t always want to give access to destructive operations or write operations. However, depending on the api we’re working with that fine grained control may not be available to us.

Enter the Workload Identity Reverse Proxy. A service which when deployed can provide OAuth login capabilities and RBAC configuration to centrally manage access tokens and forwarding of requests to upstream APIs.

GitHub Copilot coding agent is an example of an environment which could benefit from the use of a Workload Identity Reverse Proxy. Instead of configuring manually provisioned API keys for MCP servers the reverse proxy FQDN is used for in place of those services APIs. Token exchange then happens similar to the Azure MCP server for each upstream used, authenticating to the reverse proxy instead. The workload’s authentication token is exchanged for a scoped token which is used when making requests to the reverse proxy.

Headless AI agents are thereby enabled to operate autonomously within the bounds of the policies associated with the roles of the exchanged token. This enables enforcement of the principle of least privilege across upstream APIs and with many MCP servers which lack native support for such fine grained controls or support for workload identity authentication.