OAuth per tool
Gmail tool: read scope only. Calendar tool: write scope only. Each tool gets its own grant, never the user's master account credential.
Consent screen
User approves each tool's scope individually. Sensitive scopes prompt again at each use. Same model as mobile app permissions.
Token vault
Short-lived access tokens are fetched at tool-call time. The vault holds the refresh tokens; the agent never sees them. Rotation is automatic.
Attenuated forwarding
The agent's sub-tools receive further-restricted scopes, a subset of the caller's. Never elevate.
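The four pieces above (per-tool scopes, consent, short-lived tokens from a vault, attenuated forwarding) fit together into one small enforcement layer. The following is an added example, not code from the page or from any real OAuth library: an in-memory vault that records per-tool consent, mints short-lived access tokens on demand, re-prompts for sensitive scopes, and refuses any sub-tool scope that is not a subset of the parent's. Tool names, scope strings, the TTL and the token format are all assumptions; a real deployment would obtain tokens from the authorization server instead of minting them locally.

```python
"""Added example (not from the page): per-tool OAuth vault with attenuation.
Tool names, scope strings and token shapes are constructed assumptions."""
import secrets
import time
from dataclasses import dataclass

# Each tool registers the minimal scopes it needs; nothing more is ever granted.
TOOL_SCOPES = {
    "gmail_reader": frozenset({"gmail.readonly"}),
    "calendar_writer": frozenset({"calendar.events.write"}),
}
# Scopes that re-prompt the user on every use, like mobile location prompts.
SENSITIVE_SCOPES = frozenset({"calendar.events.write"})


@dataclass(frozen=True)
class AccessToken:
    value: str
    scopes: frozenset
    expires_at: float

    def is_valid(self, now=None):
        return (time.time() if now is None else now) < self.expires_at


class TokenVault:
    """Holds refresh tokens; hands out short-lived access tokens at call time."""

    def __init__(self, ttl_seconds=300):
        self.ttl = ttl_seconds
        self._refresh = {}      # tool -> (refresh_token, granted scopes)
        self.consent_log = []   # audit trail of what the user approved

    def grant(self, tool, user_approves):
        """Consent screen: the user approves exactly this tool's scopes."""
        scopes = TOOL_SCOPES[tool]
        if not user_approves(tool, scopes):
            raise PermissionError(f"user declined {tool}: {sorted(scopes)}")
        self._refresh[tool] = (secrets.token_urlsafe(32), scopes)
        self.consent_log.append((tool, scopes))

    def access_token(self, tool, user_approves, now=None):
        """Mint a short-lived token for one tool; sensitive scopes re-prompt."""
        if tool not in self._refresh:
            raise PermissionError(f"{tool} has no consent grant")
        _old_refresh, scopes = self._refresh[tool]
        sensitive = scopes & SENSITIVE_SCOPES
        if sensitive and not user_approves(tool, sensitive):
            raise PermissionError(f"sensitive scopes not re-approved: {sorted(sensitive)}")
        # Rotate the refresh token on every exchange (simulated locally here).
        self._refresh[tool] = (secrets.token_urlsafe(32), scopes)
        now = time.time() if now is None else now
        return AccessToken(secrets.token_urlsafe(24), scopes, now + self.ttl)

    def attenuate(self, parent, requested, now=None):
        """Forward to a sub-tool with a subset of the parent's scopes.

        A child token never outlives its parent and never gains a scope the
        parent lacks; any attempt to elevate is refused outright.
        """
        requested = frozenset(requested)
        if not requested <= parent.scopes:
            raise PermissionError(
                f"elevation refused: {sorted(requested - parent.scopes)}")
        now = time.time() if now is None else now
        if not parent.is_valid(now):
            raise PermissionError("parent token expired")
        expires = min(parent.expires_at, now + self.ttl)
        return AccessToken(secrets.token_urlsafe(24), requested, expires)


def demo():
    """Walk through grant, call-time fetch, sensitive re-prompt and forwarding."""
    vault = TokenVault(ttl_seconds=60)
    approve = lambda tool, scopes: True
    vault.grant("gmail_reader", approve)
    vault.grant("calendar_writer", approve)
    gmail = vault.access_token("gmail_reader", approve, now=1000.0)
    # Sub-tool asks only for what the parent already holds: allowed.
    child = vault.attenuate(gmail, ["gmail.readonly"], now=1000.0)
    return vault, gmail, child


if __name__ == "__main__":
    vault, gmail, child = demo()
    print("gmail scopes:", sorted(gmail.scopes), "child scopes:", sorted(child.scopes))
```

The two checks worth copying are the subset test in `attenuate` (a sub-tool can only narrow what it was handed) and the expiry clamp (a child token cannot outlive its parent). Logging `consent_log` and every refused elevation gives detection a clean signal when an agent chain tries to reach beyond its grant.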