TF/Helm are IaC and run from containers, no hashicorp services
CloudSQL, why are you sending your db queries to a SaaS?
LGTM for observability
The vendors we do have are WIF'd (i.e. code & secops scanning)
WIF is the key, mature vendors are supporting WIF, and amazingly the hyperscalers are supporting each others WIFs for cross-cloud, so we can give a GCP SA, AWS perms and vice versa
There’s also a related issue: many services use per-project API tokens. When agents need access to multiple projects, you have to pass several tokens at once. Which often leads to confusion and erratic behavior, including severe hallucinations.
- The application code is exactly the same in prod and preview environments. The only thing that changes is the OAuth provider configuration (endpoints, secrets, etc.), not the auth flow itself.
- The mock lets you specify a user ID / username directly on the sign-in screen, without real credentials or email verification. That makes it usable both for humans testing previews and for agents or automated test suites.
- It also lets us simulate third-party identity providers (Google, etc.) without actually integrating with them in previews. Dealing with things like captchas or provider-side enforcement in ephemeral environments is another source of friction we wanted to avoid.
It’s not real auth, but it keeps previews fully functional and avoids special-casing large parts of the app just to make OAuth work with dynamic URLs.
This sounds like an interesting approach. I’m not fully sure I understand one thing though.
Are you suggesting to completely disable authentication inside the app and rely only on the encrypted channel? If yes, that’s not always an option — many apps have logic that depends on an authentication context, even in preview environments.
If not, how do you translate network-level authentication into app-level authentication? In other words, how does the app know who the caller is, beyond the fact that they can reach it over an encrypted lane?
The idea of treating this as a network isolation problem makes sense, but I’m trying to understand how it works when the app itself still expects a real auth context.
Good question. To clarify: the app still has its own internal auth
logic — we're not bypassing that.
The encrypted lane handles connection isolation (who can reach
the app), while the app still handles identity (who the user is).
For agent-to-app communication specifically, the pattern we use:
1. Agent passes a short-lived token in the request payload (not URL)
2. App validates the token against its local auth store
3. The encrypted lane ensures no one else can intercept/replay that token
Let me clarify. I am not suggesting disabling authentication inside the app. I am suggesting a solution is to layer the network isolation + application auth. The secure application layer channel just removes the OAuth redirect dance for machine-to-machine flows.
For human access, you'd still need SSO. But once the human is authenticated, the services authenticate to one another (machine-to-machine) also at the application layer (not layers 3/4).
Does that make sense for your use case, or are you looking for something
that works with human SSO flows too?
> Wouldn't the client credentials app be a good fit for this? Or do you need user consent/scopes?
If OAuth is already part of the product, switching flows only for preview environments isn’t really an option. It introduces a second auth path that doesn’t exist in production, which adds complexity and creates a risk of auth bugs that only appear later. In practice, teams want previews to exercise the same OAuth flow as prod, not a simplified one.
> For redirect URLs, some identity providers let you configure them via an API key.
That still means introducing provisioning and deprovisioning steps for every ephemeral environment. For example, platforms like Vercel give you PR-based preview URLs out of the box, but it’s not at all obvious how to automatically add and remove redirect URLs in the IdP for each of those. Auth becomes a special case that needs extra orchestration, while everything else is disposable.
> Which resources are protected by OAuth that you want these AI agents to interact with?
The issue isn’t agents accessing OAuth-protected resources directly. It’s agents building and testing applications that themselves rely on OAuth. The pain point is getting fully functional ephemeral environments when OAuth assumes static, pre-registered redirect URLs.
So sounds to me like you are talking about using the authorization code grant in your application and wanting different redirect URLs for each of these environments. Is my assumption correct?
If so, the options that I see are:
* register those URLs at environment creation time. You mention it isn't obvious how to do so. I'm sure that depends on each IDP. I can tell you how to do it for the company I work for (info in bio) but that won't help you if that is not the IDP you are using.
* use wildcarding for redirect URLs. While this is strongly discouraged in production environments, for dev and test environments I don't see a huge issue with it. Again this config is IDP dependent.
* don't use OAuth. The redirect you're frustrated with is a key part of OAuth. At least the authorization code grant. So if that's causing you headaches then don't use it. But I don't know another standards based way to authenticate that is as widely supported and as robust as OAuth/OIDC.
What does your stack look like beyond Kubernetes and AWS? It’s hard to imagine everything there supports truly fine-grained permissions.