
identity-service

AGNTCY Identity Service serves as the central hub for managing and verifying digital identities for your Agentic Services.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio agntcy-identity-service -- docker run -i \
  --env OIDC_CLIENT_ID="OIDC client ID" \
  --env OIDC_LOGIN_URL="OIDC login/authorize URL" \
  --env OIDC_ISSUER_URL="OIDC issuer URL" \
  --env OIDC_CLIENT_ID_CLAIM_NAME="OIDC client ID claim name" \
  agntcy/identity-service:latest

How to use

The AGNTCY Identity Service acts as the central hub for managing and verifying digital identities within the AGNTCY ecosystem. It provides components to register new Agentic Services, verify existing identity badges, and define TBAC (Task-Based Access Control) policies to govern access and permissions across MCP servers, A2A Agents, and OASF integrations. This MCP server (identity-service) is deployed via Docker in the provided setup guide and exposes REST and gRPC interfaces for identity-related operations. Use the Identity Service frontend to interact with identity records and TBAC policies, while the backend APIs power programmatic identity verification and policy enforcement for your services.

How to install

Prerequisites:

  • Docker Desktop installed (or Docker Engine v27+ with Docker Compose v2.35+).
  • Git to clone repositories if you are setting up from source (optional given Docker deployment).

Installation steps:

  1. Ensure Docker is running and you have network access.

  2. Pull and run the Identity Service container as described in the project docs. Example (adjust image tag as needed):

    docker run -d --name identity-service -p 4000:4000 -p 4001:4001 -p 5500:5500 \
      -e OIDC_ISSUER_URL=https://your-issuer.example.com/oauth2 \
      -e OIDC_CLIENT_ID=your-client-id \
      -e OIDC_LOGIN_URL=https://your-issuer.example.com/oauth2/authorize \
      -e OIDC_CLIENT_ID_CLAIM_NAME=cid \
      agntcy/identity-service:latest

  3. Verify that the service is running by checking the container logs or hitting the REST endpoint at http://localhost:4000 and the gRPC endpoint at http://localhost:4001. The frontend UI, if used, will be accessible at http://localhost:5500.

  4. If you prefer to deploy via compose or Helm (as referenced in the docs), follow those deployment manifests from the repository’s deployment guides.

Additional notes

Notes and tips:

  • The Identity Service expects OIDC-related environment variables for authentication/authorization (OIDC_ISSUER_URL, OIDC_CLIENT_ID, OIDC_LOGIN_URL, OIDC_CLIENT_ID_CLAIM_NAME). Ensure http://localhost:5500 is whitelisted as a redirect URI during setup.
  • The REST API is exposed on port 4000 and gRPC on port 4001 by default when using the Docker deployment.
  • If you are customizing TBAC policies, consult the TBAC documentation in the project to understand policy definitions and how they are enforced across MCP servers.
  • When upgrading the container image, review any breaking changes in environment variable names or API endpoints and update your orchestration manifests accordingly.
