@benbrandt why I think approach with agent requesting a text input won't work as good as we want it to :
On the client we would like to understand that a request is an authentication request, we can present it in a different way, we can also suggest a user to input their LLM token they've already provided in the ide

Ack ACP and MCP are different specs (editor-agent vs. tool integration), but MCP's elicitation (URL mode) provides prior art for out-of-band credential handling that avoids LLM/agent exposure. It pauses for browser input without touching the protocol flow. Is this relevant to the design discussion for how to handle sensitive info exchange in ACP?

https://modelcontextprotocol.io/specification/2025-11-25/client/elicitation

Yeah I think MCP elicitation is not a bad way to approach it for two reasons:

1. Client will likely already need to support it if we want to allow MCP servers to use it
2. I think the two use cases it covers are roughly what we need

I have some quibbles with the api design... but I don't know that it is worth changing for reason 1 above.

The interesting thing will be that this elicitation would come outside the context of a session. Which I believe you brought up yesterday @anna239 in our call: we may want a very explicit stage for this, because if we allow for elicitation, we'd need to know if it should show up within a session feed or somewhere else.

I agree that URL-elicitation mechanism would work well for the oauth scenario, let me update rfd with this approach

Added part about MCP-like elicitation mechanism for oauth, @codefromthecrypt thank you so much for pointing this out to me.
Not sure, maybe I should create a separate RFD for the elicitation mechanism, as it's not limited to authentication only and can be used separately too.

I began studying this today (including which editors handle things similarly and might be impacted). I didnt finish that research but dont block on me. I will comment before or after the fact once I parse things well enough to be relevant!

Hey! What do you think about _meta.terminal-auth should we graduate it and make official?

Hey!

I published a very early version of the ACP registry: https://github.com/agentclientprotocol/registry

For now, I have listed only agents that have some authentication methods. At the moment, this is mostly opening a browser and starting an HTTP server from the agent process, or launching a terminal via _meta.terminal-auth.

I think that supporting a proper authentication flow is crucial for smooth distribution in editors and IDEs.

@codefromthecrypt @benbrandt hi folks, what do you think about merging this and starting the implementation? Or are there any more concerns we have to resolve before that?

@anna239 @benbrandt I see 404 here https://agentclientprotocol.com/rfds/auth-methods

Hmm I suspect a mintlify race condition... Hopefully solved on the next merge