Agent hardening with Auth0

Yu Watanabe — Mon, 27 Oct 2025 01:55:04 +0000

This is a submission for the Auth0 for AI Agents Challenge

What I Built

I have built a agent that provides answer for confidential information to the right person.

Before starting with the implementation, lets start with the problem I want to solve with this solution.

Point of View statement

Bob works at IT team at EMarket, an online e-commerce company .

The company wants to provide chat services to their employee to boost productivity.

But the team wants to first launch the service to LIMIED person as a prototype and gather information as an usability testing.

Therefore, Bob needs to restrict the usage of the chat service to certain users.

The How-Might-We question denoted from the POV might be like,

How might we authenticate the user ?
How might we restrict users to access the relative contents ?

To tackle the problem, I have came up with below solution.

Architecture

User logs in to the app.
App authenticates the user by consulting with Auth0.
App loads documents into the vector store. public-doc.md holds the relative info to the user.
App instantiates the Agent then binds the Retriever and do tool calling.
Retriever first consults the FGA powered by Auth0 and checks relationship of the user with the file name.
Retriever then retrieves the relevant documents from the vector store.
Agent then prompts the Model .
App returns the chat history rendered as HTML.

Since this architecture is aimed for this challenge, the indexing context might be different from the real world.

Service runs on Digitalocean App platform.

Demo

Github codebase

I have prepared two entities (person)

User	Password
john.doe@test.com	john123!
joe.shmoe@test.com	joes123!

Feel free to login from the login page.

https://lionfish-app-2tsho.ondigitalocean.app/login

Then access the page which calls the agent.

https://lionfish-app-2tsho.ondigitalocean.app/agent/call

You will see that john.doe will properly receive the answer including the relative information from the agent.

But the joe.smith will not get the right answer.

Logout from session after you are done.

https://lionfish-app-2tsho.ondigitalocean.app/logout

How I Used Auth0 for AI Agents

The essence here is that to deliver the right user experience per user , I have used Auth0 for authentication and Auth0 FGA for the authorization.

Users are managed by the Auth0 platform.

The catch here is that only user:john.smith@test.com (object) has relation with the document:public-doc (resource)

Lessons Learned and Takeaways

This was my first time doing frontend activities for a specific problem. So I learned a lot. I would like to list few points.

The speed toward the outcome. There are excellent tools and services for both sustainability and effectiveness. e.g. terraform, full managed service, sdk, etc .
Downside was took time for me to get the right package dependency. The quick start did not work out-of-the-box for me.
Learning curve might be high. My environment required explicit configuration for client for the FGARetriever . I had to go all the way to the codebase to get the right info. I could not find the API doc for @auth0/ai-langchain. ChatGPT did not work for me.
I would like to know the right message to notify the user for smooth UX in case of in appropriate permission.

Thank you very much for the opportunity !

Starting a continuous deployment

Yu Watanabe — Sun, 06 Apr 2025 15:17:11 +0000

This is a submission for the Pulumi Deploy and Document Challenge: Shhh, It's a Secret!

DEV Community: Yu Watanabe

Agent hardening with Auth0

What I Built

Point of View statement

Architecture

Demo

How I Used Auth0 for AI Agents

Lessons Learned and Takeaways

Starting a continuous deployment

What I Built

Live Demo Link

Project Repo

My Journey

Using Pulumi ESC