Access doesn’t have to be all or nothing. OAuth is what lets an agent hold a narrow slice of an account, and agent identity is the separate question of who it’s acting as when it uses that slice.
Think about giving a contractor a badge for your building. You don’t hand over your key ring, alarm code, and office password; you give a badge that opens certain doors, during certain hours, and can be switched off later. OAuth is that badge. It lets a connector say “this agent can read calendar events” without giving away the account password. Good access is scoped: what the agent can do, where, and for how long.
How it shows up
When you connect Gmail, Slack, or QuickBooks to an AI product, the approval screen you see is part of authentication: it shows which account is connecting and what permissions are requested. This is where permission scope matters, since reading email is different from sending it and searching a drive is different from deleting files. Agent identity adds a layer: is the agent acting as you, a service account, or a shared company bot? Logs, approvals, and blame all depend on it. If an agent sends mail from your account, the outside world sees you.
Why you care
OAuth and identity aren’t paperwork. They’re how you keep “AI can do things” from becoming “AI can do anything.” Our practical frame is the privileged employee: a trusted admin could delete every record in an account, and you don’t expect them to, but you still keep backups, access, and review. Agents deserve the same discipline, and they move fast, so one over-broad grant can turn a wrong instruction into damage quickly. The safest agent isn’t the one with no power. It’s the one with exactly the power the job requires, under an identity you can understand and revoke.