Description
Is your feature request related to a problem? Please describe.
Yes. A2A is designed to work in conjunction with MCP, as shown in the project’s overview diagram. MCP is adopting OAuth 2.1 for secure user authentication and service authorization within agent-based architectures. If A2A does not follow the same standard, it may lead to interoperability issues and security gaps between the two systems. These gaps could become attack vectors in integrated deployments.
Describe the solution you'd like
I propose that A2A adopt OAuth 2.1-compliant authorization mechanisms, similar to MCP. This would include defining how agents obtain, present, and validate access tokens, and how authorization servers integrate with agent discovery and agent identity information (e.g., Agent Cards).
Describe alternatives you've considered
No response
Additional context
OAuth 2.1 is the latest evolution of the OAuth standard, consolidating best practices and removing deprecated flows. Aligning A2A with this standard would enhance trust, interoperability, and security across agent ecosystems.
Code of Conduct
- I agree to follow this project's Code of Conduct