Authenticated and Authorized
Previously, I wrote about how existing MCP implementation patterns impede scalable agentic environments, particularly concerning financial data entitlement and permissioned workflows.
Many of the current implementations treat MCP servers as mere clients or interfaces to datastores and API platforms, a pattern that is both a hack and fundamentally unscalable, especially when it comes to institutional-grade authentication and authorization in the agentic world.
As agents become increasingly ubiquitous and integrated into our digital ecosystem, their capacity to operate autonomously will inevitably transition from a novel capability to a fundamental standard. To enable these agents to operate as distinct, identifiable, and accountable entities, their tokenization might be necessary, potentially leveraging Web3.x technologies… something for a future discussion. For now, agents must possess and represent a distinct legal or organizational entity in order to have some level of autonomy. As they continue to evolve and integrate with advanced LLM capabilities, particularly in the areas of finance, the dawn of “ape 😂” (aka vibe) coding in finance will be inevitable: front- or back-office workflows can easily be handled by digital employees or personas (agents), as well as by autonomous agents that are spawned and called on when a relevant event occurs that is predefined in the agent's job description.
To facilitate this agile ideation-to-implementation pipeline, a critical prerequisite is the establishment of scalable and autonomous agents. These agents will necessitate seamless access to legal, reliable and high quality financial datasets with minimal, or ideally, no human intervention to configure, or authenticate.
However, the journey towards fully autonomous financial agents is not without its challenges. Beyond data access, considerations such as ensuring regulatory compliance, managing ethical implications, and developing robust fail-safes for autonomous decision-making will be paramount, not to mention the business model for data monetization in general.
OAuth, currently the most viable protocol, doesn’t completely satisfy the requirements of a truly scalable autonomous ecosystem. The enhancement of OAuth will require exploring decentralized identity solutions, granular access controls tailored for agent-to-data interactions, and real-time auditing capabilities to maintain transparency and accountability in an increasingly automated financial landscape. The ultimate goal is to create an ecosystem where ideation, powered by human ingenuity and refined by advanced AI, can be swiftly and securely operationalized through autonomous agentic workflows, driving innovation and efficiency across the financial sector.
Below, we explore viaNexus' comprehensive approach, which incorporates an enhanced OAuth protocol to apply these principles.
Our primary focus and illustrative example centers on the development of a sophisticated financial assistant agent, a critical application demanding absolute security and controlled access to entitled and permissioned financial data.
Identity and Representation
In the emerging agentic landscape, a vast new arena awaits. We foresee a future where "Digital Employees" are deployed to tackle intricate projects, swiftly coordinating agent teams, gathering pertinent data, and delivering comprehensive results to human stakeholders. But for legal (licensing), quality-control, and performance reasons, this data cannot simply be scraped off the web, or even sourced from market data feeds, without the proper controls.
Until agents can self-identify, carry wallets, and tokenize themselves as unique entities (hint, hint), agents will need to be managed and will represent their human overlord who, rightly so, will want to know what their agents are up to and what resources they are accessing and acquiring.
The viaNexus Agentic Workflow service aims to achieve fully autonomous operations by extending the OAuth 2.0/2.1 protocol to address the traditional OAuth 2.0 authorization flow's requirement for synchronous user interaction for consent and token exchange.
A key objective was to remove human intervention from the transport and handshake during authentication/authorization and, at a minimum, to provide asynchronous communication regarding the agent's progress throughout its workflow.
Challenges with Traditional OAuth in Agentic Workflows
- User Consent Requirement: Standard OAuth relies on a user explicitly granting permissions through some human interaction like a web browser, which is impractical for institutional and scalable agents.
- Token Refresh and Expiry: Managing token refresh and expiry in a human-less environment requires robust automated mechanisms to prevent service interruption or data leakage.
- Security Implications: Bypassing human interaction introduces new security considerations, demanding enhanced safeguards against unauthorized access.
Our Solution: Agentic OAuth Extension
To overcome these hurdles, we've created a unique extension to the OAuth2 protocol. This extension adheres to RFC 6749 and RFC 6750 by utilizing existing protocol attributes. It relies heavily on a combination of pre-authorized scopes, secure service-to-service authentication, and a specialized token management system within our data platform. This system enables represented entities to asynchronously manage agents as they perform their duties.
Pre-Authorized Scopes and Service-to-Service Authentication
Instead of dynamic user consent, our system relies on pre-negotiated and tightly controlled scopes for each agentic workflow. This means that the permissions required by an agent are defined and authorized beforehand during the service's configuration.
The service-to-service authentication is facilitated through an established agent unique identifier and a secure key exchange mechanism, where the viaNexus Agentic Workflow service authenticates directly with resource servers without involving an end-user. This is achieved using:
- Agent Unique ID: viaNexus generates a unique identifier for each agent, which provides the ability to track and identify the agent.
- Client Assertions: JWT-based client assertions are used to prove the identity of the viaNexus service client to the authorization server. These assertions are signed using a private key known only to the viaNexus service.
- Service Accounts: Dedicated service accounts with granular permissions are established on the resource servers, minimizing the attack surface.
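The checks an authorization server would apply to such a client assertion and to the requested scope, as an added example (not viaNexus code or its SDK). The endpoint URL, agent id, key and registry are constructed, and HMAC-SHA256 from the standard library stands in for the private-key signature so the block runs without third-party packages.

```python
import base64, hashlib, hmac, json

# Constructed demo values: endpoint, agent id, key and registry are assumptions.
TOKEN_ENDPOINT = "https://auth.example.test/oauth2/token"
REGISTRY = {"agent-7f3a": {"key": b"demo-key-only",
                           "scopes": {"financial_data.stats.read"}}}
SEEN_JTI = set()  # replay cache; a real server expires entries once `exp` passes

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def _sign(key, signing_input):
    # HS256 stand-in for the private-key signature (e.g. RS256/ES256) described above
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_assertion(agent_id, key, jti, now, ttl=60, aud=TOKEN_ENDPOINT):
    """Agent side: RFC 7523-style client assertion, iss == sub == agent id."""
    claims = {"iss": agent_id, "sub": agent_id, "aud": aud,
              "iat": now, "exp": now + ttl, "jti": jti}
    body = ".".join(_b64(json.dumps(part).encode())
                    for part in ({"alg": "HS256", "typ": "JWT"}, claims))
    return body + "." + _b64(_sign(key, body))

def authorize(assertion, requested_scope, now):
    """Authorization-server side: returns (granted, reason)."""
    try:
        h64, c64, s64 = assertion.split(".")
        header, claims, sig = json.loads(_unb64(h64)), json.loads(_unb64(c64)), _unb64(s64)
        alg, iss, jti, exp = header.get("alg"), claims.get("iss"), claims.get("jti"), claims.get("exp")
    except (ValueError, AttributeError):  # bad base64/JSON, or JSON that is not an object
        return False, "malformed"
    if alg != "HS256":  # pin the algorithm server-side; never trust the header
        return False, "bad_alg"
    agent = REGISTRY.get(iss) if isinstance(iss, str) else None
    if agent is None or claims.get("sub") != iss:
        return False, "unknown_agent"
    if not hmac.compare_digest(sig, _sign(agent["key"], f"{h64}.{c64}")):
        return False, "bad_signature"
    if claims.get("aud") != TOKEN_ENDPOINT:
        return False, "wrong_audience"
    if not isinstance(exp, int) or exp <= now:
        return False, "expired"
    if not isinstance(jti, str) or jti in SEEN_JTI:
        return False, "replayed"
    SEEN_JTI.add(jti)  # single use, even if the scope check below fails
    wanted = set(requested_scope.split())
    if not wanted or not wanted <= agent["scopes"]:  # pre-authorized scopes only
        return False, "scope_not_preauthorized"
    return True, "ok"
```

With no human consent step, these checks are the only gate: a short `exp`, a single-use `jti` and a fixed audience limit what a captured assertion can do, and the scope comparison keeps an agent from asking for more than was configured.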
Automated Token Management System
A critical component of our solution is the automated token management system. This system is responsible for:
- Proactive Token Refresh: The system monitors token expiry and initiates refresh requests with the moderator or represented entity through email and/or push notification, proactively, well before tokens expire, to ensure continuous operation.
- Secure Token Storage: Access and refresh tokens are stored in a highly secure, encrypted vault, accessible only by authorized internal components of the viaNexus service.
- Error Handling and Retry Mechanisms: Robust error handling and retry logic are implemented to gracefully manage network issues or authorization server unresponsiveness during token acquisition or refresh.
- Reporting and Agent monitoring: Agents are monitored, with reports detailing their scope access, permissioning, and overall activities.
The following diagram depicts the flow in practical terms:

viaNexus Agentic Workflow Service
Our open-source viaNexus Agent client SDK provides a seamless interface for integrating with the viaNexus Agentic Workflow service, abstracting away the underlying complexities of the extended OAuth protocol. Developers can leverage the SDK to trigger and monitor agentic workflows without needing to manage authentication tokens manually; permission scopes, asynchronous notifications and agentic payment services are integrated into the protocol.
We’ll demonstrate how the viaNexus AI services allow conversations with our financial data platform.
Autonomous Agents: Easily develop financial assistant agents
Leveraging Claude Code, we develop an autonomous agent that will monitor portfolios for death crosses.
The agent, named "Death Cross Financial Agent," will be configured with the following:
- Pre-authorized Scope: `financial_data.stats.read` - This scope grants the agent permission to access the necessary financial datasets.
- Event Updates: Using the platform Event Processor, the agent will receive events directly from the source.
- Output: Alerts stakeholders with a comprehensive report by email.
- Runtime: Runs 24/7, analyzing data for death crosses.
Single (human) User interaction with viaNexus data:
This section outlines a practical example of configuring the viaNexus MCP server in Claude Code to create Claude sub-agents which will intercept financial dialogue in Claude to assist with individual financial goals.
Conclusion
Our expanded OAuth protocol within the viaNexus Agentic Workflow service enables true human-less automation, unlocking new possibilities for efficient and autonomous business processes. The viaNexus Agent client SDK further simplifies integration, allowing developers to easily leverage these autonomous capabilities. For further details or to schedule a demonstration, please feel free to contact us at viaNexus.