DEV Community: jacobgadek The latest articles on DEV Community by jacobgadek (@jacobgadek). https://dev.to/jacobgadek https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3704342%2Fbbaa2314-65d2-4e1e-83d5-1ae20d652d06.png DEV Community: jacobgadek https://dev.to/jacobgadek en How to Automate LinkedIn Without Getting Blocked jacobgadek Wed, 14 Jan 2026 14:40:24 +0000 https://dev.to/jacobgadek/how-to-automate-linkedin-without-getting-blocked-3bih https://dev.to/jacobgadek/how-to-automate-linkedin-without-getting-blocked-3bih <p>LinkedIn automation is a nightmare. If you've ever tried to scrape your connections or automate DMs, you know the pain:</p> <ol> <li> <strong>Login Scripts Fail</strong>: LinkedIn detects Selenium/Playwright login attempts instantly.</li> <li> <strong>2FA is a Blocker</strong>: You can't automate the OTP step easily.</li> <li> <strong>Account Flagging</strong>: Repeated logins from "clean" headless browsers look suspicious.</li> </ol> <p>I spent days trying to build a robust login bot. Then I realized I was solving the wrong problem.</p> <p><strong>Why hack the login door when I'm already inside?</strong></p> <h2> The Solution: Session Handoff </h2> <p>Instead of teaching your bot to log in, you should just hand it your existing Chrome session.</p> <p>Your local browser already holds the "Golden Ticket": a valid, authenticated session cookie that LinkedIn trusts. I built a tool called <strong>Romek</strong> to grab that ticket and pass it to your automation scripts.</p> <h2> Step-by-Step Guide </h2> <h3> 1. Install Romek </h3> <p>Romek is the bridge between your local Chrome browser and your Python script.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>romek </code></pre> </div> <h3> 2. Grab your LinkedIn Session </h3> <p>Run this one command in your terminal. It extracts the encrypted cookies from Chrome, decrypts them safely, and stores them in a local vault.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># This grabs cookies specifically for linkedin.com</span> romek grab linkedin.com </code></pre> </div> <p><em>(Note: You need to be logged into LinkedIn on Chrome for this to work)</em></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkn66xvyj6dur7grianr.gif" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fvkn66xvyj6dur7grianr.gif" alt="Romekdemo" width="200" height="108"></a></p> <h3> 3. Inject into Playwright </h3> <p>Now, tell your bot to use those cookies. No username, no password, no 2FA.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">playwright.sync_api</span> <span class="kn">import</span> <span class="n">sync_playwright</span> <span class="kn">from</span> <span class="n">romek</span> <span class="kn">import</span> <span class="n">Vault</span> <span class="c1"># 1. Retrieve the valid session </span><span class="n">vault</span> <span class="o">=</span> <span class="nc">Vault</span><span class="p">()</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">vault</span><span class="p">.</span><span class="nf">get_session</span><span class="p">(</span><span class="sh">"</span><span class="s">linkedin.com</span><span class="sh">"</span><span class="p">)</span> <span class="k">with</span> <span class="nf">sync_playwright</span><span class="p">()</span> <span class="k">as</span> <span class="n">p</span><span class="p">:</span> <span class="n">browser</span> <span class="o">=</span> <span class="n">p</span><span class="p">.</span><span class="n">chromium</span><span class="p">.</span><span class="nf">launch</span><span class="p">(</span><span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="c1"># Headless=False lets you see the magic </span> <span class="n">context</span> <span class="o">=</span> <span class="n">browser</span><span class="p">.</span><span class="nf">new_context</span><span class="p">()</span> <span class="c1"># 2. Inject the cookies BEFORE navigating </span> <span class="n">context</span><span class="p">.</span><span class="nf">add_cookies</span><span class="p">(</span><span class="n">cookies</span><span class="p">)</span> <span class="n">page</span> <span class="o">=</span> <span class="n">context</span><span class="p">.</span><span class="nf">new_page</span><span class="p">()</span> <span class="c1"># 3. Go straight to the feed </span> <span class="n">page</span><span class="p">.</span><span class="nf">goto</span><span class="p">(</span><span class="sh">"</span><span class="s">https://www.linkedin.com/feed/</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Success! You are already logged in. </span> <span class="nf">print</span><span class="p">(</span><span class="n">page</span><span class="p">.</span><span class="nf">title</span><span class="p">())</span> <span class="c1"># ... insert your scraping logic here ... </span></code></pre> </div> <h2> Why This is Safer </h2> <ul> <li> <strong>Residential IP Match</strong>: If you run this locally, your bot shares your exact IP address.</li> <li> <strong>Correct Headers</strong>: You aren't generating a fresh, empty fingerprint. You are continuing an existing, trusted session.</li> <li> <strong>Zero Credential Risk</strong>: You never hardcode your password or manage <code>.env</code> files for secrets.</li> </ul> <h2> Supports More Than Just Python </h2> <p>If you are into low-code automation, I also built an <a href="https://www.npmjs.com/package/n8n-nodes-romek" rel="noopener noreferrer">n8n node</a> that does this exact same thing for workflow automation.</p> <h2> Links </h2> <ul> <li> <strong>GitHub</strong>: <a href="https://github.com/jacobgadek/romek" rel="noopener noreferrer">https://github.com/jacobgadek/romek</a> <em>(Star it if this saved you a headache! ⭐)</em> </li> <li> <strong>PyPI</strong>: <a href="https://pypi.org/project/romek/" rel="noopener noreferrer">https://pypi.org/project/romek/</a> </li> </ul> python automation webscraping playwright Reverse-Engineering Chrome's Cookie Encryption (To Authenticate AI Agents) jacobgadek Sun, 11 Jan 2026 18:52:50 +0000 https://dev.to/jacobgadek/reverse-engineering-chromes-cookie-encryption-to-authenticate-ai-agents-212i https://dev.to/jacobgadek/reverse-engineering-chromes-cookie-encryption-to-authenticate-ai-agents-212i <p>If you've built AI agents that interact with websites, you've hit this wall: login screens.</p> <p>Your agent needs to check LinkedIn notifications, scrape a dashboard, or post to a platform. But the site demands authentication. So you do what every developer does at first — you open Chrome DevTools, copy the <code>Cookie</code> header, and paste it into your script.</p> <p>It works. For about 24 hours. Then the session expires, your automation breaks at 3am, and you wake up to angry alerts.</p> <p>I got tired of this cycle. Chrome already has my authenticated sessions stored locally. I'm logged into LinkedIn right now. What if my agent could just... use that?</p> <p>Turns out it can. But Chrome doesn't make it easy.</p> <h2> Where Chrome Stores Cookies </h2> <p>Chrome stores cookies in a SQLite database. The location depends on your OS:</p> <p><strong>Mac:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~/Library/Application Support/Google/Chrome/Default/Cookies </code></pre> </div> <p><strong>Linux:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~/.config/google-chrome/Default/Cookies </code></pre> </div> <p><strong>Windows:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>%LOCALAPPDATA%\Google\Chrome\User Data\Default\Network\Cookies </code></pre> </div> <p>You can open it with any SQLite client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sqlite3 ~/Library/Application<span class="se">\ </span>Support/Google/Chrome/Default/Cookies </code></pre> </div> <p>The schema looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="n">sqlite</span><span class="o">&gt;</span> <span class="p">.</span><span class="k">schema</span> <span class="n">cookies</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">cookies</span><span class="p">(</span> <span class="n">creation_utc</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">host_key</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">name</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">value</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">encrypted_value</span> <span class="nb">BLOB</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">path</span> <span class="nb">TEXT</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">expires_utc</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">is_secure</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="n">is_httponly</span> <span class="nb">INTEGER</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span> <span class="p">...</span> <span class="p">);</span> </code></pre> </div> <p>Let's query LinkedIn's cookies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">name</span><span class="p">,</span> <span class="n">value</span><span class="p">,</span> <span class="n">encrypted_value</span> <span class="k">FROM</span> <span class="n">cookies</span> <span class="k">WHERE</span> <span class="n">host_key</span> <span class="k">LIKE</span> <span class="s1">'%linkedin%'</span><span class="p">;</span> </code></pre> </div> <p>You'll see something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>name: li_at value: (empty) encrypted_value: v10[blob of binary garbage] </code></pre> </div> <p>The <code>value</code> column is empty. Everything interesting is in <code>encrypted_value</code>. And that blob? It's encrypted.</p> <h2> How Chrome Encrypts Cookies </h2> <p>Chrome started encrypting cookies around 2014 to prevent malware from trivially stealing sessions. The encryption varies by platform.</p> <h3> Mac: Keychain + AES-128-CBC </h3> <p>On macOS, Chrome:</p> <ol> <li>Stores a master key in the macOS Keychain under "Chrome Safe Storage"</li> <li>Derives an encryption key using PBKDF2 with: <ul> <li>Password: the Keychain-stored key</li> <li>Salt: <code>saltysalt</code> (yes, literally the string "saltysalt")</li> <li>Iterations: 1003</li> <li>Key length: 16 bytes (AES-128)</li> </ul> </li> <li>Encrypts each cookie value with AES-128-CBC</li> <li>Prepends <code>v10</code> to indicate the encryption version</li> </ol> <h3> Linux: libsecret + AES-128-CBC </h3> <p>Linux uses a similar approach but stores the key in GNOME Keyring or KWallet via libsecret. If no keyring is available, Chrome falls back to a hardcoded key: <code>peanuts</code> (again, literally).</p> <h3> Windows: DPAPI </h3> <p>Windows uses the Data Protection API (DPAPI), which ties encryption to the Windows user account. This is actually more secure since there's no extractable key — decryption only works for the logged-in user.</p> <h2> Decrypting Cookies with Python </h2> <p>Let's write the decryption. I'll focus on macOS since that's what I use, but the approach is similar for Linux.</p> <h3> Step 1: Get the encryption key from Keychain </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">subprocess</span> <span class="k">def</span> <span class="nf">get_chrome_key_mac</span><span class="p">():</span> <span class="n">cmd</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">'</span><span class="s">security</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">find-generic-password</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">-s</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Chrome Safe Storage</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">-w</span><span class="sh">'</span> <span class="p">]</span> <span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="n">cmd</span><span class="p">,</span> <span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">strip</span><span class="p">()</span> </code></pre> </div> <h3> Step 2: Derive the AES key </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.kdf.pbkdf2</span> <span class="kn">import</span> <span class="n">PBKDF2HMAC</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives</span> <span class="kn">import</span> <span class="n">hashes</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.backends</span> <span class="kn">import</span> <span class="n">default_backend</span> <span class="k">def</span> <span class="nf">derive_key</span><span class="p">(</span><span class="n">chrome_key</span><span class="p">):</span> <span class="n">kdf</span> <span class="o">=</span> <span class="nc">PBKDF2HMAC</span><span class="p">(</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">hashes</span><span class="p">.</span><span class="nc">SHA1</span><span class="p">(),</span> <span class="n">length</span><span class="o">=</span><span class="mi">16</span><span class="p">,</span> <span class="n">salt</span><span class="o">=</span><span class="sa">b</span><span class="sh">'</span><span class="s">saltysalt</span><span class="sh">'</span><span class="p">,</span> <span class="n">iterations</span><span class="o">=</span><span class="mi">1003</span><span class="p">,</span> <span class="n">backend</span><span class="o">=</span><span class="nf">default_backend</span><span class="p">()</span> <span class="p">)</span> <span class="k">return</span> <span class="n">kdf</span><span class="p">.</span><span class="nf">derive</span><span class="p">(</span><span class="n">chrome_key</span><span class="p">.</span><span class="nf">encode</span><span class="p">())</span> </code></pre> </div> <h3> Step 3: Decrypt the cookie </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.ciphers</span> <span class="kn">import</span> <span class="n">Cipher</span><span class="p">,</span> <span class="n">algorithms</span><span class="p">,</span> <span class="n">modes</span> <span class="k">def</span> <span class="nf">decrypt_cookie</span><span class="p">(</span><span class="n">encrypted_value</span><span class="p">,</span> <span class="n">key</span><span class="p">):</span> <span class="c1"># v10 prefix indicates encryption version </span> <span class="k">if</span> <span class="n">encrypted_value</span><span class="p">[:</span><span class="mi">3</span><span class="p">]</span> <span class="o">!=</span> <span class="sa">b</span><span class="sh">'</span><span class="s">v10</span><span class="sh">'</span><span class="p">:</span> <span class="k">return</span> <span class="n">encrypted_value</span><span class="p">.</span><span class="nf">decode</span><span class="p">()</span> <span class="c1"># Not encrypted </span> <span class="n">encrypted_value</span> <span class="o">=</span> <span class="n">encrypted_value</span><span class="p">[</span><span class="mi">3</span><span class="p">:]</span> <span class="c1"># Remove prefix </span> <span class="c1"># AES-128-CBC with 16-byte IV of spaces </span> <span class="n">iv</span> <span class="o">=</span> <span class="sa">b</span><span class="sh">'</span><span class="s"> </span><span class="sh">'</span> <span class="o">*</span> <span class="mi">16</span> <span class="n">cipher</span> <span class="o">=</span> <span class="nc">Cipher</span><span class="p">(</span> <span class="n">algorithms</span><span class="p">.</span><span class="nc">AES</span><span class="p">(</span><span class="n">key</span><span class="p">),</span> <span class="n">modes</span><span class="p">.</span><span class="nc">CBC</span><span class="p">(</span><span class="n">iv</span><span class="p">),</span> <span class="n">backend</span><span class="o">=</span><span class="nf">default_backend</span><span class="p">()</span> <span class="p">)</span> <span class="n">decryptor</span> <span class="o">=</span> <span class="n">cipher</span><span class="p">.</span><span class="nf">decryptor</span><span class="p">()</span> <span class="n">decrypted</span> <span class="o">=</span> <span class="n">decryptor</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">encrypted_value</span><span class="p">)</span> <span class="o">+</span> <span class="n">decryptor</span><span class="p">.</span><span class="nf">finalize</span><span class="p">()</span> <span class="c1"># Remove PKCS7 padding </span> <span class="n">padding_len</span> <span class="o">=</span> <span class="n">decrypted</span><span class="p">[</span><span class="o">-</span><span class="mi">1</span><span class="p">]</span> <span class="k">return</span> <span class="n">decrypted</span><span class="p">[:</span><span class="o">-</span><span class="n">padding_len</span><span class="p">].</span><span class="nf">decode</span><span class="p">()</span> </code></pre> </div> <h3> Putting it together </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">sqlite3</span> <span class="kn">import</span> <span class="n">shutil</span> <span class="kn">import</span> <span class="n">tempfile</span> <span class="k">def</span> <span class="nf">get_linkedin_cookies</span><span class="p">():</span> <span class="c1"># Copy database (Chrome locks the original) </span> <span class="n">cookie_path</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">path</span><span class="p">.</span><span class="nf">expanduser</span><span class="p">(</span> <span class="sh">'</span><span class="s">~/Library/Application Support/Google/Chrome/Default/Cookies</span><span class="sh">'</span> <span class="p">)</span> <span class="k">with</span> <span class="n">tempfile</span><span class="p">.</span><span class="nc">NamedTemporaryFile</span><span class="p">(</span><span class="n">delete</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="k">as</span> <span class="n">tmp</span><span class="p">:</span> <span class="n">shutil</span><span class="p">.</span><span class="nf">copy2</span><span class="p">(</span><span class="n">cookie_path</span><span class="p">,</span> <span class="n">tmp</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> <span class="n">conn</span> <span class="o">=</span> <span class="n">sqlite3</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="n">tmp</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> <span class="n">cursor</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">cursor</span><span class="p">()</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="sh">'''</span><span class="s"> SELECT name, encrypted_value FROM cookies WHERE host_key LIKE </span><span class="sh">'</span><span class="s">%linkedin%</span><span class="sh">'</span><span class="s"> </span><span class="sh">'''</span><span class="p">)</span> <span class="n">chrome_key</span> <span class="o">=</span> <span class="nf">get_chrome_key_mac</span><span class="p">()</span> <span class="n">aes_key</span> <span class="o">=</span> <span class="nf">derive_key</span><span class="p">(</span><span class="n">chrome_key</span><span class="p">)</span> <span class="n">cookies</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">name</span><span class="p">,</span> <span class="n">encrypted_value</span> <span class="ow">in</span> <span class="n">cursor</span><span class="p">.</span><span class="nf">fetchall</span><span class="p">():</span> <span class="n">cookies</span><span class="p">[</span><span class="n">name</span><span class="p">]</span> <span class="o">=</span> <span class="nf">decrypt_cookie</span><span class="p">(</span><span class="n">encrypted_value</span><span class="p">,</span> <span class="n">aes_key</span><span class="p">)</span> <span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">os</span><span class="p">.</span><span class="nf">unlink</span><span class="p">(</span><span class="n">tmp</span><span class="p">.</span><span class="n">name</span><span class="p">)</span> <span class="k">return</span> <span class="n">cookies</span> <span class="c1"># Usage </span><span class="n">cookies</span> <span class="o">=</span> <span class="nf">get_linkedin_cookies</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">cookies</span><span class="p">)</span> <span class="c1"># {'li_at': 'AQEDAT...', 'JSESSIONID': 'ajax:123...', ...} </span></code></pre> </div> <p>It works. You now have decrypted session cookies that you can use in requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">'</span><span class="s">https://www.linkedin.com/feed/</span><span class="sh">'</span><span class="p">,</span> <span class="n">cookies</span><span class="o">=</span><span class="n">cookies</span> <span class="p">)</span> <span class="c1"># You're authenticated </span></code></pre> </div> <h2> Why a Script Isn't Enough </h2> <p>So we can decrypt cookies. Problem solved?</p> <p>Not quite. This script has issues:</p> <p><strong>Security:</strong> The decrypted cookies are now in plaintext in your script's memory, your logs, potentially your git history. Session tokens are as sensitive as passwords.</p> <p><strong>No scoping:</strong> Any script can access any cookie. Your "LinkedIn agent" can also read your bank cookies. That's a security nightmare.</p> <p><strong>No audit trail:</strong> When something goes wrong (and it will), you have no idea which agent accessed what, when.</p> <p><strong>Session management:</strong> Cookies expire. Sites rotate tokens. You need to track freshness and know when to re-authenticate.</p> <p><strong>Multi-agent chaos:</strong> When you have 5 agents accessing 10 sites, the cookie management becomes its own project.</p> <h2> From Script to Tool </h2> <p>This is why I built <a href="https://github.com/jacobgadek/agent-auth" rel="noopener noreferrer">AgentAuth</a>.</p> <p>The architecture:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ Chrome Extension│────▶│ Encrypted Vault │────▶│ Your Agent │ │ (export once) │ │ (AES-256) │ │ (scoped access)│ └─────────────────┘ └─────────────────┘ └─────────────────┘ </code></pre> </div> <ol> <li><p><strong>Chrome Extension:</strong> You click "Export" while logged into a site. The extension captures the cookies and sends them to the local vault. No more DevTools copy-paste.</p></li> <li><p><strong>Encrypted Vault:</strong> Cookies are stored in a local SQLite database, encrypted with AES-256 using a password you control. Not scattered across scripts.</p></li> <li><p><strong>Scoped Agents:</strong> You create named agents with specific domain access. Your <code>linkedin-agent</code> can only access <code>linkedin.com</code> cookies. It can't touch your bank.</p></li> <li><p><strong>Audit Logging:</strong> Every access is logged with timestamp, agent name, and domain.</p></li> </ol> <p>The code becomes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">agent_auth</span> <span class="kn">import</span> <span class="n">Vault</span> <span class="n">vault</span> <span class="o">=</span> <span class="nc">Vault</span><span class="p">()</span> <span class="n">vault</span><span class="p">.</span><span class="nf">unlock</span><span class="p">(</span><span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">)</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">vault</span><span class="p">.</span><span class="nf">get_session</span><span class="p">(</span><span class="sh">"</span><span class="s">linkedin.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Use with requests </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://linkedin.com/feed</span><span class="sh">'</span><span class="p">,</span> <span class="n">cookies</span><span class="o">=</span><span class="n">cookies</span><span class="p">)</span> <span class="c1"># Or with Playwright </span><span class="n">context</span><span class="p">.</span><span class="nf">add_cookies</span><span class="p">(</span><span class="n">cookies</span><span class="p">)</span> </code></pre> </div> <p>One line to get authenticated cookies. No decryption code. No hardcoded tokens. No security nightmares.</p> <h2> The Bigger Picture </h2> <p>Here's what I realized while building this: <strong>session management for AI agents is unsolved infrastructure.</strong></p> <p>We have OAuth for user-facing apps. We have API keys for server-to-server. But AI agents? They're stuck with the same hacks we used in 2010 for web scraping.</p> <p>The industry is building increasingly sophisticated agents — agents that can browse, fill forms, make purchases. But we're still copy-pasting cookies from DevTools.</p> <p>AgentAuth is my attempt to fix this. It's open source, works today on any site (no OAuth adoption required), and integrates with LangChain, Playwright, and n8n.</p> <p><strong>Links:</strong></p> <ul> <li>GitHub: <a href="https://github.com/jacobgadek/agent-auth" rel="noopener noreferrer">github.com/jacobgadek/agent-auth</a> </li> <li>PyPI: <code>pip install agentauth-py</code> </li> <li>n8n node: <code>npm install n8n-nodes-agentauth</code> </li> </ul> <p>If you're building agents that need authentication, give it a try. And if you want to contribute — especially Windows DPAPI support or a Firefox extension — PRs are welcome.</p> <p><em>If you found this useful, consider starring the repo. It helps others discover the project.</em></p> python security webscraping automation How to Handle Authentication for AI Agents (Without Hardcoding Cookies) jacobgadek Sat, 10 Jan 2026 17:31:22 +0000 https://dev.to/jacobgadek/how-to-handle-authentication-for-ai-agents-without-hardcoding-cookies-3681 https://dev.to/jacobgadek/how-to-handle-authentication-for-ai-agents-without-hardcoding-cookies-3681 <h2> How to Handle Authentication for AI Agents (Without Hardcoding Cookies) </h2> <p>If you're building AI agents that interact with websites, you've probably run into this problem: your agent needs to be logged in.</p> <p>The common solution? Hardcode cookies in your code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What everyone does (don't do this) </span><span class="n">cookies</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">session_id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">abc123</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">auth_token</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">xyz789</span><span class="sh">"</span><span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com/dashboard</span><span class="sh">"</span><span class="p">,</span> <span class="n">cookies</span><span class="o">=</span><span class="n">cookies</span><span class="p">)</span> </code></pre> </div> <p>This works until it doesn't:</p> <ul> <li>Sessions expire and your agent breaks</li> <li>Cookies leak into git repos</li> <li>No way to track which agent accessed what</li> <li>One leaked cookie = compromised account</li> </ul> <h2> The Real Problem: Agents Don't Have Identities </h2> <p>When a human logs into a website, they have an identity. They authenticate, get a session, and the site knows who they are.</p> <p>AI agents? They're identity ghosts. They borrow your cookies, pretend to be you, and hope nothing breaks.</p> <p>This is fine when you have one agent running locally. But what happens when you have:</p> <ul> <li>Multiple agents accessing different services</li> <li>Agents running in production</li> <li>A team where everyone has their own credentials</li> </ul> <p>You need a real solution.</p> <h2> What Good Agent Auth Looks Like </h2> <p>After dealing with this problem repeatedly, I built AgentAuth — an open-source SDK that handles this properly.</p> <p>Here's how it works:</p> <h3> 1. Export Cookies From Your Browser </h3> <p>Instead of manually copying cookies from dev tools, use a Chrome extension:</p> <ul> <li>Go to the site (logged in)</li> <li>Click the extension</li> <li>Click "Export Session Cookies"</li> <li>Done</li> </ul> <h3> 2. Store Them Encrypted </h3> <p>Sessions are stored in an encrypted vault on your machine — not in your code, not in environment variables.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>agent-auth init <span class="c"># Set up the vault</span> agent-auth add github.com <span class="c"># Paste the exported cookies</span> </code></pre> </div> <h3> 3. Give Each Agent an Identity </h3> <p>Every agent gets a cryptographic identity (Ed25519 keys) and scoped permissions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>agent-auth create-agent github-bot <span class="nt">--scopes</span> github.com </code></pre> </div> <p>This agent can ONLY access github.com. It can't touch your LinkedIn or Gmail sessions.</p> <h3> 4. Retrieve Sessions Securely </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">agent_auth</span> <span class="kn">import</span> <span class="n">Agent</span><span class="p">,</span> <span class="n">AgentAuthClient</span> <span class="n">agent</span> <span class="o">=</span> <span class="n">Agent</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="sh">"</span><span class="s">github-bot</span><span class="sh">"</span><span class="p">)</span> <span class="n">client</span> <span class="o">=</span> <span class="nc">AgentAuthClient</span><span class="p">(</span><span class="n">agent</span><span class="p">)</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get_session</span><span class="p">(</span><span class="sh">"</span><span class="s">github.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Now use the cookies </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://github.com/notifications</span><span class="sh">"</span><span class="p">,</span> <span class="n">cookies</span><span class="o">=</span><span class="n">cookies</span><span class="p">)</span> </code></pre> </div> <h3> 5. Everything is Logged </h3> <p>Every session access is logged. You know exactly which agent accessed which domain and when.</p> <h2> Why This Matters </h2> <p>Right now, there are thousands of AI agents running with hardcoded cookies. As agents become more common, this becomes a massive security hole.</p> <p>Think about it:</p> <ul> <li>Agents accessing company data</li> <li>Agents running automations on your behalf</li> <li>Agents with access to sensitive accounts</li> </ul> <p>Do you really want all of that authenticated with copy-pasted cookies in a <code>.env</code> file?</p> <h2> Try It </h2> <p>AgentAuth is open source:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>agent-auth </code></pre> </div> <p>GitHub: <a href="https://github.com/jacobgadek/agent-auth" rel="noopener noreferrer">https://github.com/jacobgadek/agent-auth</a></p> <p>It takes 5 minutes to set up:</p> <ol> <li><code>agent-auth init</code></li> <li>Export cookies with the Chrome extension</li> <li><code>agent-auth add &lt;domain&gt;</code></li> <li>Use <code>AgentAuthClient</code> in your code</li> </ol> <p>If you're building agents, give it a try. I'd love feedback.</p> <p><em>Building something with AI agents? I'm working on making agent authentication a solved problem. Follow along on <a href="https://twitter.com/jlgadek" rel="noopener noreferrer">Twitter</a> or check out the <a href="https://github.com/jacobgadek/agent-auth" rel="noopener noreferrer">GitHub repo</a>.</em></p> ai python security opensource