How to add human approval to async AI agent actions
Blog post from WorkOS
Client-Initiated Backchannel Authentication (CIBA), as outlined in RFC 9126, addresses the challenge of obtaining human approval for sensitive actions initiated by autonomous AI agents without requiring the human and the agent to share a session. This OAuth 2.0 extension separates the service requester (the agent) from the authenticator (the human), letting the authorization server notify the user over an out-of-band channel such as a push notification or email and wait for their response, which gives the organization tighter control over autonomous operations. In practice the agent sends a backchannel authentication request to the authorization server, which notifies the user to approve or deny the requested action. The agent then learns the user's decision in poll, ping, or push mode, depending on the architecture. The result is that sensitive actions require explicit human sign-off, reducing the risk of unsupervised autonomous decisions; even when the user is not actively engaged with the agent, the necessary approvals are sought and logged, creating a clear audit trail of authorizations.
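As an added illustration of the poll-mode flow described above (example code written for this page, not WorkOS's implementation), the following in-memory simulation plays both sides: the authorization server records the pending request and the human's decision, and the agent polls the token endpoint using the CIBA grant type, honouring `authorization_pending`, `slow_down`, `access_denied` and `expired_token`. The client id, scope, login hint and binding message values are constructed sample data.

```python
import secrets
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant_type used at the token endpoint

class AuthorizationServer:
    """In-memory simulation of a CIBA authorization server in poll mode (not a real AS)."""
    def __init__(self, ttl=120, interval=5, clock=time.time):
        self.requests, self.audit = {}, []      # auth_req_id -> state; audit trail of decisions
        self.ttl, self.interval, self.clock = ttl, interval, clock

    def backchannel_authenticate(self, client_id, scope, login_hint, binding_message):
        # A real server would notify the user out of band here (push, email) and show binding_message.
        auth_req_id = secrets.token_urlsafe(16)
        self.requests[auth_req_id] = {"client_id": client_id, "scope": scope, "user": login_hint,
                                      "binding_message": binding_message, "decision": None,
                                      "expires_at": self.clock() + self.ttl, "last_poll": None}
        return {"auth_req_id": auth_req_id, "expires_in": self.ttl, "interval": self.interval}

    def user_decides(self, auth_req_id, approved):
        req = self.requests[auth_req_id]                    # the human approves or denies out of band
        req["decision"] = approved
        self.audit.append((req["user"], req["binding_message"], approved, self.clock()))

    def token(self, grant_type, auth_req_id):
        now, req = self.clock(), self.requests.get(auth_req_id)
        if grant_type != CIBA_GRANT or req is None:
            return {"error": "invalid_grant"}
        if now > req["expires_at"]:
            return {"error": "expired_token"}
        if req["last_poll"] is not None and now - req["last_poll"] < self.interval:
            return {"error": "slow_down"}                   # client polled too fast
        req["last_poll"] = now
        if req["decision"] is None:
            return {"error": "authorization_pending"}       # human has not answered yet
        if not req["decision"]:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer", "scope": req["scope"]}

def agent_poll(server, auth_req_id, interval, sleep=time.sleep, now=time.time, max_wait=300):
    """Agent side: poll the token endpoint until the request is approved, denied, or expired."""
    deadline = now() + max_wait
    while now() < deadline:
        resp = server.token(CIBA_GRANT, auth_req_id)
        err = resp.get("error")
        if err is None or err in ("access_denied", "expired_token", "invalid_grant"):
            return resp                                     # terminal outcome, stop polling
        if err == "slow_down":
            interval += 5                                   # spec: back off by at least 5 seconds
        sleep(interval)
    return {"error": "expired_token"}
```

The `audit` list is what gives you the "who approved what, and when" record the post calls for; a production server would persist it rather than keep it in memory.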