Token custody for AI agents
AI agents need access to user apps, but they should not hold long-lived OAuth tokens. Here is the architecture CybrLink is built around.
by The CybrLink team
AI agents are becoming useful because they can act inside the tools people already use: email, calendars, CRMs, support queues, repos, spreadsheets, and internal systems.
That creates a hard security question: where do the OAuth tokens live?
The problem
An agent runtime is not a credential vault. It is a place where prompts, tool calls, user input, retrieval context, and automation logic all meet. Long-lived provider credentials do not belong there.
The safer pattern is separation:
- The user approves access through a normal OAuth consent flow.
- Durable access and refresh tokens are stored in a credential-bearing system.
- The agent receives a controlled interface for the specific action it needs.
- Teams can revoke, inspect, and scope access per user and per integration.
The CybrLink shape
CybrLink is designed as the control layer around that pattern. It provides the app catalog, connect UX, session orchestration, connection state, and agent-facing access flow.
Nango is the token layer. Your Nango instance handles provider OAuth, token refresh, and authenticated provider calls. Running Nango yourself means the credential-bearing system can live in infrastructure you control.
When a user connects an app:
- Your server asks CybrLink to create a connect session for one user and one integration.
- The browser opens the Connect UI with that session.
- The user completes the provider consent flow.
- The resulting OAuth credentials are stored in your Nango deployment.
- Your agent later asks for a permitted action through the access layer instead of holding the raw provider token.
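The flow above, reduced to a runnable model of the custody pattern. This is an added example, not CybrLink or Nango code: the class and method names (CustodyBroker, AgentClient, create_connect_session, complete_consent, perform_action, describe, revoke), the action-to-scope table and the token values are all constructed for the illustration, and the provider call is simulated in memory. It goes slightly beyond the text in two places: stored scopes are clipped to what the connect session requested, even if the provider grants more, and each agent-facing action is mapped to the one provider scope it needs, so the broker can refuse an action without the agent ever seeing the token.

```python
"""Token-custody broker: an added illustration, not CybrLink or Nango code.
Class and method names (CustodyBroker, AgentClient, ...) are hypothetical and
the provider call is simulated in memory."""
import secrets
from dataclasses import dataclass


@dataclass
class StoredCredential:
    user_id: str
    integration: str
    scopes: frozenset
    access_token: str
    refresh_token: str
    revoked: bool = False


class CustodyBroker:
    """Stores OAuth tokens and exposes scoped actions instead of raw tokens."""

    # Agent-facing actions and the provider scope each one needs (constructed).
    ACTION_SCOPES = {
        "calendar.list_events": "calendar.read",
        "calendar.create_event": "calendar.write",
    }

    def __init__(self):
        self._sessions = {}  # session_id -> (user_id, integration, scopes)
        self._creds = {}     # (user_id, integration) -> StoredCredential

    def create_connect_session(self, user_id, integration, scopes):
        """Step 1: the server asks for a session bound to one user + integration."""
        session_id = secrets.token_urlsafe(16)
        self._sessions[session_id] = (user_id, integration, frozenset(scopes))
        return session_id

    def complete_consent(self, session_id, access_token, refresh_token, granted):
        """Steps 3-4: consent finished; tokens are stored and never handed back."""
        user_id, integration, requested = self._sessions.pop(session_id)
        # Keep no more than the session requested, even if the provider granted more.
        scopes = frozenset(granted) & requested
        self._creds[(user_id, integration)] = StoredCredential(
            user_id, integration, scopes, access_token, refresh_token)
        return self.describe(user_id, integration)

    def describe(self, user_id, integration):
        """Connection state for review and audit; carries no secret material."""
        c = self._creds[(user_id, integration)]
        return {"user_id": c.user_id, "integration": c.integration,
                "scopes": sorted(c.scopes), "revoked": c.revoked}

    def revoke(self, user_id, integration):
        self._creds[(user_id, integration)].revoked = True

    def perform_action(self, user_id, integration, action, params):
        """Step 5: check the connection is active and the scope granted, then use the token."""
        c = self._creds.get((user_id, integration))
        if c is None or c.revoked:
            raise PermissionError("no active connection for this user/integration")
        required = self.ACTION_SCOPES.get(action)
        if required is None:
            raise PermissionError(f"unknown action: {action}")
        if required not in c.scopes:
            raise PermissionError(f"{action} requires scope {required}")
        # Simulated provider call (constructed); a real broker sends the authenticated
        # request here with c.access_token and refreshes it when it expires.
        return {"action": action, "params": params, "status": "ok"}


class AgentClient:
    """What the agent runtime holds: a reference to the broker, never a token."""

    def __init__(self, broker, user_id, integration):
        self._broker, self._user, self._integration = broker, user_id, integration

    def call(self, action, **params):
        return self._broker.perform_action(self._user, self._integration, action, params)


def blocked(fn):
    try:
        fn()
        return False
    except PermissionError:
        return True


def run_demo():
    """Walk the connect flow with constructed sample values and report outcomes."""
    broker = CustodyBroker()
    session = broker.create_connect_session("user-42", "calendar", {"calendar.read"})
    # The provider 'grants' both scopes, but only the requested one is kept.
    connection = broker.complete_consent(
        session, "access-CONSTRUCTED", "refresh-CONSTRUCTED", {"calendar.read", "calendar.write"})
    agent = AgentClient(broker, "user-42", "calendar")
    outcome = {"connection": connection,
               "read": agent.call("calendar.list_events", day="2024-05-01")}
    outcome["write_blocked"] = blocked(lambda: agent.call("calendar.create_event", title="x"))
    broker.revoke("user-42", "calendar")
    outcome["read_after_revoke_blocked"] = blocked(lambda: agent.call("calendar.list_events"))
    return outcome
```

Running run_demo() shows the three properties a security review asks for: the connection record names the user, integration and scopes without exposing a token; a write is refused because only calendar.read was requested; and after revoke() even the read is refused, with no change needed on the agent side.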
Why this matters
This gives teams a clearer answer to the questions that come up in security review:
- Which system stores long-lived OAuth tokens?
- Which user approved this connection?
- Which integration and scopes were requested?
- How can access be revoked?
- Can the agent complete the job without seeing the credential?
CybrLink does not make OAuth magically simple. It makes the moving parts visible: user consent, token custody, scoped agent access, and revocation.
That is the foundation production agents need.
Browse the integrations catalog, read the security model, or start with the docs.