But, why do we want to tie the agent to the user’s identity?
The interface the user wants is “I pay for and obtain pizza”. The interface the pizzeria wants is “I obtain payment via credit card, and send a pizza to some physical location”.
It doesn’t matter who the agent that orders the pizza is acting on behalf of, or if there is an agent, or if some third party indexed the pizzeria menu, then some anarcho-crypto syndicate based in the White House decided to run an auction, and buy this particular pizza for this particular person.
If a malicious user is attacking a site via an agent, the current solution is to block the agent and everyone else using that agent, because the valid requests are indistinguishable from the malicious requests. If the agent passes on a token identifying the users, you can just block agent requests using the malicious user's token.
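A sketch of the per-user blocking described in the last comment, as an added example that is not part of the thread. It assumes the agent operator shares a secret with the site and sends an HMAC-tagged pseudonym per user; `AGENT_KEYS`, `mint_token`, `SiteGate` and the `flagged_malicious` input (standing in for whatever detection the site already runs) are all hypothetical names.

```python
import hashlib
import hmac
from collections import Counter

# Assumption: each agent operator shares a secret with the site out of band.
AGENT_KEYS = {"agent-a": b"constructed-demo-key"}
ABUSE_THRESHOLD = 3  # flagged requests before a user token is blocked


def mint_token(agent_id, user_pseudonym):
    """Agent side: bind an opaque per-user pseudonym to the agent with an HMAC tag."""
    tag = hmac.new(AGENT_KEYS[agent_id], user_pseudonym.encode(), hashlib.sha256)
    return f"{user_pseudonym}.{tag.hexdigest()}"


class SiteGate:
    """Site side: verify the token, then block per (agent, user), not per agent."""

    def __init__(self):
        self.strikes = Counter()
        self.blocked = set()

    def _verified_user(self, agent_id, token):
        key = AGENT_KEYS.get(agent_id)
        pseudonym, _, tag = (token or "").rpartition(".")
        if key is None or not pseudonym:
            return None
        expected = hmac.new(key, pseudonym.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; a forged or edited tag yields None.
        ok = hmac.compare_digest(expected.encode(), tag.encode())
        return pseudonym if ok else None

    def handle(self, agent_id, token, flagged_malicious=False):
        user = self._verified_user(agent_id, token)
        if user is None:
            return "reject"  # unverifiable token: cannot be attributed to a user
        ident = (agent_id, user)
        if ident in self.blocked:
            return "blocked"
        if flagged_malicious:
            self.strikes[ident] += 1
            if self.strikes[ident] >= ABUSE_THRESHOLD:
                self.blocked.add(ident)
            return "dropped"
        return "ok"
```

The tag check matters: without it a blocked user could evade the block by sending a fresh made-up token, and the site would be back to blocking the whole agent.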