Assistant0 - Secure AI Personal Assistant
#devchallenge#auth0challenge#ai#authentication
Adam

Adam @asynchronope

About: A curious being

Location:
~/
Joined:
Feb 18, 2019

Assistant0 - Secure AI Personal Assistant

Publish Date: Oct 27 '25
11 2

This is a submission for the Auth0 for AI Agents Challenge

What I Built

Assistant0 - A secure, enterprise-grade AI assistant that helps you manage your digital life with the power of Auth0's security features.

Assistant0 is not just another chatbot. It's a comprehensive AI agent system that can:

  • 📧 Search and manage your Gmail - Find emails, create drafts, and send messages
  • 📅 Manage your Google Calendar - View events and schedule meetings
  • 🔍 Search the web - Get real-time information using Exa AI-powered search
  • 📄 Search your documents - With fine-grained access control
  • 🔐 Maintain complete audit trails - Every action is logged and traceable

The key differentiator? Enterprise-grade security powered by Auth0 for AI Agents, ensuring that every action your AI agent takes is properly authenticated, authorized, and auditable.

Login with:
acc:
replacementadapter@gmail.com
pass:
1212diGital01#884516

Demo

🔗 Live Demo: https://assistant0agent.vercel.app

📦 GitHub Repository: https://github.com/bO-05/assistantzero

Screenshots

Assistant0 Homepage

Chat interface
Clean, intuitive chat interface powered by Mistral AI

Mission Control - Audit Dashboard

Complete visibility into all agent actions with risk scoring and approval status

Workspace
Organize your work with isolated workspaces and FGA-based permissions

Users

Aplications

APIs

How I Used Auth0 for AI Agents

Assistant0 leverages the full spectrum of Auth0's AI agent security features:

1. 🔐 Token Vault for Federated API Access

The Token Vault is the backbone of Assistant0's Google integration. When users ask the AI to read emails or create calendar events, Auth0 securely:

  • Stores OAuth refresh tokens
  • Exchanges them for access tokens on-demand
  • Handles token refresh automatically
  • Creates user-friendly authorization flows

Implementation:

export const withGoogleConnection = auth0AI.withTokenVault({
  connection: 'google-oauth2',
  scopes: [
    'https://www.googleapis.com/auth/gmail.readonly',
    'https://www.googleapis.com/auth/gmail.compose',
    'https://www.googleapis.com/auth/calendar.events',
  ],
  refreshToken: getRefreshToken,
  credentialsContext: 'tool-call',
});
Enter fullscreen mode Exit fullscreen mode

When the AI agent needs to access Gmail or Calendar on behalf of the user, it seamlessly prompts for authorization with a clean UI component, then securely accesses the API.

2. 🛡️ Fine-Grained Authorization (FGA) with Okta FGA

Assistant0 implements document-level access control using Okta FGA. Users can upload documents to their workspace, and the AI agent only retrieves documents they have permission to view.

Implementation:

const retriever = FGAFilter.create({
  buildQuery: (doc: DocumentWithScore) => ({
    user: `user:${user?.email}`,
    object: `doc:${doc.documentId}`,
    relation: 'can_view',
  }),
});

// AI only sees documents user can access
const authorizedDocs = await retriever.filter(documents);
Enter fullscreen mode Exit fullscreen mode

This ensures that in multi-user workspaces, the AI agent respects organizational hierarchies and access policies.

3. ⚡ Client Initiated Backchannel Authentication (CIBA)

For high-risk operations like online purchases, Assistant0 implements async authorization using CIBA. When the AI agent attempts to buy something, it:

  1. Sends an authorization request to the user's device
  2. Displays the transaction details ("Do you want to buy 2 iPhone for $2000?")
  3. Waits for user approval
  4. Only proceeds after explicit confirmation

Implementation:

export const withAsyncAuthorization = auth0AI.withAsyncAuthorization({
  userID: async () => (await getUser())?.sub as string,
  bindingMessage: async ({ product, qty }) => 
    `Do you want to buy ${qty} ${product}`,
  scopes: ['openid', 'product:buy'],
  onAuthorizationRequest: async (authReq, creds) => {
    // Non-blocking: user can approve from mobile device
    await creds;
  },
});
Enter fullscreen mode Exit fullscreen mode

This prevents unauthorized purchases even if someone gains access to the chat interface.

4. 📊 Comprehensive Audit Logging

Every AI agent action is logged to the Mission Control dashboard with:

  • Full Auth0 user context (user ID, email, session)
  • Tool name and agent role (communication-agent, scheduler-agent, etc.)
  • Input/output data
  • Risk assessment scores
  • Success/failure status
  • Duration metrics
  • Approval requirements

This provides complete provenance and traceability - critical for enterprise compliance.

5. 🎯 Risk-Based Step-Up Authentication

Assistant0 implements adaptive security with risk scoring:

  • Low-risk actions (searching emails, reading calendar): Seamless execution
  • Medium-risk actions (creating calendar events): Standard authorization
  • High-risk actions (sending emails, making purchases): Step-up authentication required

The system can be extended to trigger Auth0 Guardian for MFA when risk thresholds are exceeded.

6. 🔒 Secure Session Management

All routes are protected with Auth0 Next.js SDK middleware, ensuring:

  • Server-side session validation
  • Automatic token refresh
  • Secure cookie handling
  • Protection against CSRF and XSS attacks

Tech Stack

  • Frontend: Next.js 15.2, React 19, TailwindCSS
  • AI: Mistral AI (via AI SDK), LangChain Community Tools
  • Auth: Auth0 for AI Agents (@auth0/ai-vercel 4.0.1)
  • Database: PostgreSQL with Drizzle ORM
  • Authorization: Okta FGA for fine-grained access control
  • Deployment: Vercel

Lessons Learned and Takeaways

Challenges Faced

  1. Token Vault Interrupts vs Errors

    • Challenge: Initially, token authorization failures were returning as errors instead of interrupts, preventing the UI from showing authorization buttons.
    • Solution: Discovered that getAccessTokenFromTokenVault() is synchronous, not async! Removing await fixed the interrupt flow.
    • Lesson: Read SDK documentation carefully - async/sync semantics matter!

  2. Database State vs Real-Time Interrupts

    • Challenge: Old error messages persisted in the database prevented new authorization flows from triggering.
    • Solution: Implemented smart history loading that detects TokenVault errors and auto-clears the conversation for fresh auth attempts.
    • Lesson: Stateful systems need reconciliation logic between persisted data and real-time state.

  3. LangChain vs Direct SDK Integration

    • Challenge: Gmail tools use LangChain wrappers expecting () => Promise<string> for access tokens, but Auth0 SDK provides sync access.
    • Solution: Wrapped the sync token getter in an async function for LangChain compatibility.
    • Lesson: Bridge patterns are essential when integrating multiple SDKs with different conventions.

  4. Audit Logging Without Breaking Interrupts

    • Challenge: Wrapping tools with audit logic could catch and suppress Auth0 interrupts.
    • Solution: Explicit interrupt detection by error name and re-throwing to preserve the interrupt flow.
    • Lesson: Middleware must be interrupt-aware in AI agent architectures.

Key Insights

🎯 AI Agents Need Special Security Models
Traditional web auth isn't enough. AI agents act autonomously, access multiple services, and handle sensitive data. Auth0's specialized features (Token Vault, CIBA, FGA) are purpose-built for this new paradigm.

📝 Auditability is Non-Negotiable
In production, you MUST know what your AI agent did, when, why, and with whose permission. Mission Control-style audit dashboards aren't optional - they're table stakes for enterprise AI.

🔐 Progressive Security Works
Not every action needs Guardian MFA. Risk-based authentication provides the right balance: seamless UX for safe actions, step-up auth for risky ones.

🚀 Auth0 SDK Makes Complex Auth Simple
Implementing CIBA, Token Vault, and FGA from scratch would take months. Auth0's AI SDK reduces it to configuration and a few wrapper functions.

Advice for Other Developers

  1. Start with Auth Early - Don't bolt on security later. Design your agent architecture around Auth0's primitives from day one.

  2. Test the Unhappy Paths - Authorization failures, expired tokens, denied requests - these are where most bugs hide. Test them thoroughly.

  3. Build Audit Logging First - You can't debug what you can't see. Mission Control saved me hours of debugging by showing exactly what the agent was doing.

  4. Use TypeScript - The Auth0 AI SDK has excellent types. They caught dozens of bugs during development.

  5. Read the Vercel AI SDK Docs - Auth0's AI SDK builds on top of Vercel AI SDK. Understanding both is crucial.

What's Next for Assistant0

  • Multi-Agent Orchestration: Specialized agents (email agent, calendar agent) collaborating on complex tasks
  • Voice Interface: Speak to your AI assistant with secure voice biometrics
  • Mobile App: iOS/Android apps with native Auth0 Guardian integration
  • Enterprise Features: SSO, custom branding, admin controls for organizations
  • More Integrations: Slack, Microsoft 365, Notion, Linear, and more

Try It Yourself

  1. Clone the repo: git clone https://github.com/bO-05/assistantzero
  2. Set up Auth0 credentials in .env.local
  3. Configure Google OAuth social connection with offline_access
  4. Run npm install && npm run dev
  5. Chat with your secure AI assistant!

Built with ❤️ for the Auth0 AI Agents Challenge

Special thanks to the Auth0 team for creating such a comprehensive SDK for AI agent security. This challenge pushed me to explore the cutting edge of AI authentication, and I learned more in two weeks than I have in months of regular development.

Auth0Challenge #AIAgents #NextJS #SecureAI

I built this in about 2 days, so maybe still much needed touchup!

Comments 2 total

Add comment