Context Handoff Between Agents (OAuth-Relay Pattern)
Domain 1 · 27%~12 minHinglish narration
Audio-only (commute / mobile data)
Same Saavi narration, smaller file. Opus 48k preferred — auto-selected by your browser.
Scenario anchor
Aaranya IT ke ek BFSI client ke liye imagine karein — ek multi-agent customer-support
pipeline jisme ek triage agent call ko billing agent ko hand off karta hai.
Problem yeh hai: billing agent ke paas original customer ka authenticated
context nahi pahuncha — woh apne scope mein blind hai. Aap ne OAuth relay
configure nahi kiya, aur ab downstream agent ek unauthorized API call kar raha
hai production mein. Yeh lesson exactly yeh resolve karta hai — how to
propagate identity and authorization context across agent boundaries without
re-authenticating at every hop.
Key Takeaways
OAuth token relay propagates the original caller's identity and scoped claims through the agent delegation chain — downstream agents act on behalf of the user, not as a generic service principal.
Each agent in the handoff must validate the relayed token's audience claim and enforce its own scope boundary — context propagation is not the same as permission escalation.
In Claude's agentic architecture, the orchestrator is responsible for attaching the relayed token to the MCP tool-call context before invoking a sub-agent, ensuring audit logs carry consistent principal identity end-to-end.
Memory anchor: treat inter-agent handoff exactly like an API gateway microservices relay — token flows downstream with narrowing scopes, never widening them.