Cross App Access (XAA) solves the challenge of letting AI agents and applications securely access enterprise resources on behalf of users without consent prompts or credential exposure. Built on the emerging IETF Identity Assertion JWT Authorization Grant specification, XAA shifts access control from end users to the enterprise identity layer using cryptographically signed ID-JAG tokens. The new xaa.dev playground provides a free, zero-setup testing environment where developers can explore the complete XAA flow across all components: requesting apps, resource apps, identity providers, and MCP servers. The playground eliminates the complexity of local infrastructure setup, allowing developers to understand token exchanges, inspect protocol flows, and test their own applications against working XAA implementations in under 60 seconds.
Table of contents
What is Cross App Access?The problem: testing XAA is hardWhat you can do on xaa.devHow to get startedWhy we built a testing site for cross app accessInspect the XAA flowLearn moreSort: