Welcome to the UCAN Working Group 🎟️⚡

User Controlled Authorization Networks (UCANs) are decentralized, capabilities model authorization tokens.

UCAN is a trustless, secure, local-first, user-originated authorization and revocation scheme. UCAN is designed to be very flexible: you can use it offline, online, fully P2P, federated, or with central servers.

Please see the specs for more detail on implementation.

If you're interested in contributing to the development of UCANs, check out the GitHub Discussions. Introduce yourself and your project, and what you're looking to do with UCANs, and join the next community call to meet others. The Discord server is low volume and high signal, feel free to drop in.

Directory

Core specifications

• UCAN Token & Capabilities Format (🏁 start here!)
  • UCAN delegation
  • UCAN invocation
  • UCAN revocation
  • UCAN promises

Additional specifications

• UCAN container

Outdated specifications

Below are listed specifications that are still relevant but should be updated to match the v1 core specifications.

• UCAN HTTP Bearer token

Obsolete specifications

• UCAN IPLD
• UCAN JWT Canonicalization

UCAN-Enabled Specs

• AWAKE: UCAN-based mutually authenticated secure tunnel

Libraries

• TypeScript (NPM)
• Rust (Crate)
• Golang
• Haskell
• UCAN IPLD in JS (NPM)
• UCAN-RPC in JS

Tools

• Testing
  • Fixtures
  • Fixture Generator
• Website

Project Notes

• 2025-07-16: spec v1, 3 implementations, upcoming goals, & more

Presentations

Note that while the below all describe UCAN at the time they were written, the spec has undergone updates. Please refer to the latest specs if you have questions.

• Connecting IPFS users and permissions to DIDs with UCAN (2022)
• Lightweight Credentials with UCAN (2021)
• UCAN (do) secure key management in a browser (2021)
• Coding Earth: Authorizing Users without a Backend (2020)

Community

• Discord Server
• GitHub Discussions
• Community Website