This is a submission for the Auth0 for AI Agents Challenge
What I Built
Assistant0 - A secure, enterprise-grade AI assistant that helps you manage your digital life with the power of Auth0's security features.
Assistant0 is not just another chatbot. It's a comprehensive AI agent system that can:
- Search and manage your Gmail - Find emails, create drafts, and send messages
- Manage your Google Calendar - View events and schedule meetings
- Search the web - Get real-time information using Exa AI-powered search
- Search your documents - With fine-grained access control
- Maintain complete audit trails - Every action is logged and traceable
The key differentiator? Enterprise-grade security powered by Auth0 for AI Agents, ensuring that every action your AI agent takes is properly authenticated, authorized, and auditable.
Login with:
- account: replacementadapter@gmail.com
- password: 1212diGital01#884516
Demo
Live Demo: https://assistant0agent.vercel.app
GitHub Repository: https://github.com/bO-05/assistantzero
Screenshots

Clean, intuitive chat interface powered by Mistral AI
Complete visibility into all agent actions with risk scoring and approval status

Organize your work with isolated workspaces and FGA-based permissions
How I Used Auth0 for AI Agents
Assistant0 leverages the full spectrum of Auth0's AI agent security features:
1. Token Vault for Federated API Access
The Token Vault is the backbone of Assistant0's Google integration. When users ask the AI to read emails or create calendar events, Auth0 securely:
- Stores OAuth refresh tokens
- Exchanges them for access tokens on-demand
- Handles token refresh automatically
- Creates user-friendly authorization flows
Implementation:
```typescript
// auth0AI is the app's Auth0AI instance (from @auth0/ai-vercel);
// getRefreshToken reads the current user's refresh token from the Auth0 session.
export const withGoogleConnection = auth0AI.withTokenVault({
  connection: 'google-oauth2',
  scopes: [
    'https://www.googleapis.com/auth/gmail.readonly',
    'https://www.googleapis.com/auth/gmail.compose',
    'https://www.googleapis.com/auth/calendar.events',
  ],
  refreshToken: getRefreshToken,
  // Credentials are resolved per tool call, so a missing grant surfaces as an
  // interrupt at the exact call that needs it.
  credentialsContext: 'tool-call',
});
```
When the AI agent needs to access Gmail or Calendar on behalf of the user, it seamlessly prompts for authorization with a clean UI component, then securely accesses the API.
2. Fine-Grained Authorization (FGA) with Okta FGA
Assistant0 implements document-level access control using Okta FGA. Users can upload documents to their workspace, and the AI agent only retrieves documents they have permission to view.
Implementation:
```typescript
// Each candidate document becomes one FGA check tuple: does this user hold
// the can_view relation on this document?
const retriever = FGAFilter.create({
  buildQuery: (doc: DocumentWithScore) => ({
    user: `user:${user?.email}`,
    object: `doc:${doc.documentId}`,
    relation: 'can_view',
  }),
});

// The AI only sees documents the user is permitted to access;
// everything else is filtered out before it reaches the model.
const authorizedDocs = await retriever.filter(documents);
```
This ensures that in multi-user workspaces, the AI agent respects organizational hierarchies and access policies.
3. Client Initiated Backchannel Authentication (CIBA)
For high-risk operations like online purchases, Assistant0 implements async authorization using CIBA. When the AI agent attempts to buy something, it:
- Sends an authorization request to the user's device
- Displays the transaction details ("Do you want to buy 2 iPhone for $2000?")
- Waits for user approval
- Only proceeds after explicit confirmation
Implementation:
```typescript
export const withAsyncAuthorization = auth0AI.withAsyncAuthorization({
  // The Auth0 subject of the logged-in user who must approve the action
  userID: async () => (await getUser())?.sub as string,
  // Shown to the user on their device so they can verify exactly what they approve
  bindingMessage: async ({ product, qty }) =>
    `Do you want to buy ${qty} ${product}`,
  scopes: ['openid', 'product:buy'],
  onAuthorizationRequest: async (authReq, creds) => {
    // Non-blocking: the user can approve from a mobile device;
    // the tool proceeds only once the credentials promise resolves.
    await creds;
  },
});
```
This prevents unauthorized purchases even if someone gains access to the chat interface.
4. Comprehensive Audit Logging
Every AI agent action is logged to the Mission Control dashboard with:
- Full Auth0 user context (user ID, email, session)
- Tool name and agent role (communication-agent, scheduler-agent, etc.)
- Input/output data
- Risk assessment scores
- Success/failure status
- Duration metrics
- Approval requirements
This provides complete provenance and traceability - critical for enterprise compliance.
5. Risk-Based Step-Up Authentication
Assistant0 implements adaptive security with risk scoring:
- Low-risk actions (searching emails, reading calendar): Seamless execution
- Medium-risk actions (creating calendar events): Standard authorization
- High-risk actions (sending emails, making purchases): Step-up authentication required
The system can be extended to trigger Auth0 Guardian for MFA when risk thresholds are exceeded.
6. Secure Session Management
All routes are protected with Auth0 Next.js SDK middleware, ensuring:
- Server-side session validation
- Automatic token refresh
- Secure cookie handling
- Protection against CSRF and XSS attacks
Tech Stack
- Frontend: Next.js 15.2, React 19, TailwindCSS
- AI: Mistral AI (via AI SDK), LangChain Community Tools
- Auth: Auth0 for AI Agents (@auth0/ai-vercel 4.0.1)
- Database: PostgreSQL with Drizzle ORM
- Authorization: Okta FGA for fine-grained access control
- Deployment: Vercel
Lessons Learned and Takeaways
Challenges Faced
1. Token Vault Interrupts vs Errors
- Challenge: Initially, token authorization failures were returning as errors instead of interrupts, preventing the UI from showing authorization buttons.
- Solution: Discovered that `getAccessTokenFromTokenVault()` is synchronous, not async! Removing `await` fixed the interrupt flow.
- Lesson: Read SDK documentation carefully - async/sync semantics matter!
2. Database State vs Real-Time Interrupts
- Challenge: Old error messages persisted in the database prevented new authorization flows from triggering.
- Solution: Implemented smart history loading that detects TokenVault errors and auto-clears the conversation for fresh auth attempts.
- Lesson: Stateful systems need reconciliation logic between persisted data and real-time state.
3. LangChain vs Direct SDK Integration
- Challenge: Gmail tools use LangChain wrappers expecting `() => Promise<string>` for access tokens, but the Auth0 SDK provides sync access.
- Solution: Wrapped the sync token getter in an async function for LangChain compatibility.
- Lesson: Bridge patterns are essential when integrating multiple SDKs with different conventions.
4. Audit Logging Without Breaking Interrupts
- Challenge: Wrapping tools with audit logic could catch and suppress Auth0 interrupts.
- Solution: Explicit interrupt detection by error name and re-throwing to preserve the interrupt flow.
- Lesson: Middleware must be interrupt-aware in AI agent architectures.
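The audit wrapper pattern behind section 4 (Comprehensive Audit Logging) and challenge 4 above, as an added example rather than Assistant0's own code: it records user, agent role, risk tier and outcome for every tool call, and re-throws SDK interrupts instead of logging them as plain failures. The `isInterrupt` name check and the `RISK_BY_TOOL` table are assumptions standing in for the real SDK type guard and the project's risk model.

```typescript
// Added example, not Assistant0's code: an audit-aware tool wrapper that logs every
// call and lets Auth0 interrupts (the "show an authorization prompt" signal) pass through.
export type RiskLevel = 'low' | 'medium' | 'high';

export interface AuditEntry {
  userId: string;            // Auth0 `sub` of the acting user
  tool: string;
  agent: string;             // e.g. 'communication-agent', 'scheduler-agent'
  risk: RiskLevel;
  approvalRequired: boolean; // high-risk tools need step-up / CIBA approval
  status: 'success' | 'failure' | 'interrupted';
  durationMs: number;
  input: unknown;
  output?: unknown;
  error?: string;
}

export const auditLog: AuditEntry[] = [];

// Assumed risk tiers following the post: reads low, calendar writes medium, sends/purchases high.
export const RISK_BY_TOOL: Record<string, RiskLevel> = {
  gmail_search: 'low', calendar_list: 'low', calendar_create: 'medium',
  gmail_send: 'high', buy_product: 'high',
};

// Assumption: the SDK's interrupt errors carry a name ending in 'Interrupt'.
// Swap in the SDK's own type guard if it exposes one.
export function isInterrupt(err: unknown): boolean {
  return err instanceof Error && err.name.endsWith('Interrupt');
}

export function withAudit<I, O>(userId: string, agent: string, tool: string,
                                run: (input: I) => Promise<O>): (input: I) => Promise<O> {
  return async (input: I) => {
    const started = Date.now();
    const risk = RISK_BY_TOOL[tool] ?? 'high'; // unknown tools default to the strictest tier
    const base = { userId, tool, agent, risk, approvalRequired: risk === 'high', input };
    try {
      const output = await run(input);
      auditLog.push({ ...base, status: 'success', durationMs: Date.now() - started, output });
      return output;
    } catch (err) {
      const status = isInterrupt(err) ? 'interrupted' : 'failure';
      auditLog.push({ ...base, status, durationMs: Date.now() - started, error: String(err) });
      throw err; // interrupts must reach the UI; real failures must not be hidden either
    }
  };
}
```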
Key Insights
AI Agents Need Special Security Models
Traditional web auth isn't enough. AI agents act autonomously, access multiple services, and handle sensitive data. Auth0's specialized features (Token Vault, CIBA, FGA) are purpose-built for this new paradigm.
Auditability is Non-Negotiable
In production, you MUST know what your AI agent did, when, why, and with whose permission. Mission Control-style audit dashboards aren't optional - they're table stakes for enterprise AI.
Progressive Security Works
Not every action needs Guardian MFA. Risk-based authentication provides the right balance: seamless UX for safe actions, step-up auth for risky ones.
Auth0 SDK Makes Complex Auth Simple
Implementing CIBA, Token Vault, and FGA from scratch would take months. Auth0's AI SDK reduces it to configuration and a few wrapper functions.
Advice for Other Developers
Start with Auth Early - Don't bolt on security later. Design your agent architecture around Auth0's primitives from day one.
Test the Unhappy Paths - Authorization failures, expired tokens, denied requests - these are where most bugs hide. Test them thoroughly.
Build Audit Logging First - You can't debug what you can't see. Mission Control saved me hours of debugging by showing exactly what the agent was doing.
Use TypeScript - The Auth0 AI SDK has excellent types. They caught dozens of bugs during development.
Read the Vercel AI SDK Docs - Auth0's AI SDK builds on top of Vercel AI SDK. Understanding both is crucial.
What's Next for Assistant0
- Multi-Agent Orchestration: Specialized agents (email agent, calendar agent) collaborating on complex tasks
- Voice Interface: Speak to your AI assistant with secure voice biometrics
- Mobile App: iOS/Android apps with native Auth0 Guardian integration
- Enterprise Features: SSO, custom branding, admin controls for organizations
- More Integrations: Slack, Microsoft 365, Notion, Linear, and more
Try It Yourself
1. Clone the repo: `git clone https://github.com/bO-05/assistantzero`
2. Set up Auth0 credentials in `.env.local`
3. Configure the Google OAuth social connection with offline_access
4. Run `npm install && npm run dev`
5. Chat with your secure AI assistant!
Built with ❤️ for the Auth0 AI Agents Challenge
Special thanks to the Auth0 team for creating such a comprehensive SDK for AI agent security. This challenge pushed me to explore the cutting edge of AI authentication, and I learned more in two weeks than I have in months of regular development.
#Auth0Challenge #AIAgents #NextJS #SecureAI
I built this in about 2 days, so it may still need a lot of touch-up!