# Authentication Methods Comparison

Agent Auth supports multiple authentication methods to connect with third-party providers. This guide helps you understand the differences and choose the right authentication method for your use case.

## Authentication methods overview
**OAuth 2.0**
**Most secure and widely supported**

User-delegated authentication with automatic token refresh and granular permissions.

**Best for:** Google, Microsoft, Slack, GitHub

**API Keys**
**Simple static credentials**

Provider-issued keys for straightforward server-to-server authentication.

**Best for:** Jira, Asana, Linear, Airtable

**Bearer Tokens**
**User-generated tokens**

Personal access tokens with scoped permissions for individual use.

**Best for:** GitHub PATs, GitLab tokens

**Custom JWT**
**Advanced signed tokens**

Cryptographically signed tokens for service accounts and custom protocols.

**Best for:** Custom integrations, service accounts

## Comparison matrix

| Feature | OAuth 2.0 | API Keys | Bearer Tokens | Custom JWT |
|---------|-----------|----------|---------------|------------|
| **Security Level** | High | Medium | Medium | High |
| **User Interaction** | Required | Optional | Required | Not required |
| **Token Refresh** | Automatic | N/A | Manual | Varies |
| **Setup Complexity** | Moderate | Easy | Easy | Complex |
| **Granular Permissions** | Yes | Limited | Yes | Limited |
| **Provider Support** | Widespread | Common | Common | Limited |

## When to use each method

### OAuth 2.0

**Use when:**
- Provider supports OAuth
- Acting on behalf of users
- Need automatic token refresh
- Require granular permissions
- Building user-facing applications

**Example:** User connects Gmail to send emails through your app

### API Keys

**Use when:**
- Provider only supports API keys
- Building internal tools
- Server-to-server communication
- Simplicity is priority

**Example:** Automated Jira ticket creation for support system

### Bearer Tokens

**Use when:**
- Personal access is sufficient
- Building developer tools
- OAuth unavailable
- User prefers manual control

**Example:** Personal GitHub repository automation

### Custom JWT

**Use when:**
- Provider requires JWT
- Service account access needed
- Custom authentication protocol
- Advanced security requirements

**Example:** Enterprise service account integrations

## Next steps

- [Providers](/agent-auth/providers) - Available third-party providers
- [Connections](/agent-auth/connections) - Configure provider connections
- [Authorization Methods](/agent-auth/tools/authorize) - Detailed authentication implementation