This is a submission for the Auth0 for AI Agents Challenge
💡 What I Built
Euclid is a custom-embeddable, agentic chatbot that lets application owners configure their own secure AI assistant — one that can think, act, and integrate directly into existing systems without compromising identity or access control.
Want to give your users the power of AI in your application without having to build it from scratch? Euclid gives every application owner a personalized, embeddable AI agent that connects to their APIs, retrieves relevant knowledge, and performs safe, authorized actions on request — all powered by Auth0 for AI Agents.
🔗 Live Bot Config Site:
💻 Github Repository:
🎬 Bot Config Demo
🎬 Bot Embed and Customization Demo
FGA in action
At its core, Euclid is:
- Configurable: App owners configure (Create or Edit) their chatbot via a live site— defining persona, tone, and allowed API endpoints, roles, and the application's knowledge base.
- Secure: Auth0 ensures every AI action is identity-verified and role-restricted.
- Context-aware: Using RAG (Retrieval-Augmented Generation), Euclid retrieves relevant app-specific knowledge before each response.
- Embeddable: A lightweight JS widget that can be dropped into any SaaS or web app.
- Agentic: Beyond conversation, the AI can safely act on behalf of authenticated users.
In simple terms:
Euclid learns about the application it's embedded into — it looks up and uses your data provided during configuration intelligently.
🧩 How It Works
1. Configuration Site
The dashboard lets application owners:
- Upload PDFs or internal documentation (knowledge base).
- Set bot personality, default prompts, and visual appearance.
- Connect their Auth0 credentials (domain, audience, namespace).
- Define which API endpoints are accessible to which user roles.
Each bot is stored with a unique botId and configuration metadata in MongoDB.
When an app owner uploads a PDF, Euclid automatically splits it into chunks, generates embeddings (using Gemini), and stores them in Chroma or Pinecone for contextual retrieval.
2. The Widget
Embedding a bot is as easy as adding this snippet:
<script
src="https://euclid-widget.netlify.app/widget.js"
data-bot-id="euclid-bot-xxxxxxxxxxxx"
data-color="#06B6D4"
data-default-state="info"
data-info-message="Hi there! Need any help?"
></script>
That snippet instantly renders a chat bubble (position and color configurable) that expands into a full chat window.
The widget manages the chat lifecycle, handles message flow, and includes smooth, pulsing typing animations for natural feedback.
3. The Backend
Behind the scenes:
- Express.js powers the REST API for bot creation, updates, and chat sessions.
- MongoDB stores bot configurations and state.
- Gemini handles embeddings and AI text generation.
- Pinecone/Chroma stores and retrieves vector embeddings for RAG.
- Auth0 for AI agents secures the action layer and knowledge access— ensuring the AI acts only within authenticated and authorized scopes.
🔐 How I Used Auth0 for AI Agents
1. Enforcing fine-grained document-level access with FGA
I integrated Auth0 Fine-Grained Authorization (FGA) into the retrieval pipeline to make sure the agent never exposes sensitive information from a knowledge base that the user shouldn’t see.
Whenever the agent retrieves documents from the knowledge base, I check each document against FGA before feeding it to the LLM.
// Initialize FGA client for document-level access
const fga = new OpenFgaClient({
apiUrl: process.env.FGA_API_URL,
storeId: process.env.FGA_STORE_ID,
credentials: {
method: "client_credentials",
clientId: process.env.FGA_CLIENT_ID,
clientSecret: process.env.FGA_CLIENT_SECRET,
apiAudience: process.env.FGA_API_AUDIENCE,
},
});
/**
* Helper: Check FGA access for each document
*/
async function checkFgaAccess(userSub, botId, filename) {
try {
const resp = await fga.check({
tuple_key: {
user: `user:${userSub}`,
relation: "reader",
object: `document:${botId}/${filename}`,
},
});
return Boolean(resp?.allowed);
} catch (err) {
console.error("FGA check failed:", err);
return false;
}
}
If a document isn’t authorized for that user, it’s excluded from the retrieval-augmented generation (RAG) context.
This guarantees that even the AI’s responses are scoped to what the user is actually allowed to access — preventing data leakage.
When the user sends a message, their userToken (Auth0 JWT) is sent with the message to Euclid’s /api/chat endpoint:
{
"botId": "abc123",
"userMessage": "Show my invoices",
"userToken": "<Auth0 JWT>"
}
If the AI determines that the user’s question requires a real-world action (like fetching /invoices), it triggers a secure call to the Proxy Service.
Secure Proxy Execution
The proxy verifies the JWT using the app owner’s Auth0 JWKS endpoint, then extracts user roles from the configured namespace.
Each bot defines its own endpoint-role mapping, for example:
[
{ "endpoint": "/orders", "roles": ["admin", "sales"] },
{ "endpoint": "/invoices", "roles": ["finance"] }
]
If the user’s role doesn’t match the requirement, the AI is blocked before the request executes — ensuring zero-trust execution.
🧠 The result: the Agent becomes a trusted digital teammate, acting securely and transparently inside the app.
In summary
By combining Auth0’s AI Agents, FGA, and role-based access, I gave Euclid the ability to:
Understand who the user is (via Auth0 access tokens)
Act on their behalf securely (via the agent context and delegated calls)
Only access what the user is authorized to see (via FGA checks)
Enforce precise endpoint roles (via Auth0 roles and namespaces)
Support multiple independent businesses, each with their own Auth0 tenant
The end result is a deeply secure and modular agentic system — one where Auth0 manages all authentication and authorization complexity, and my AI agent simply focuses on understanding and executing the user’s intent.
Lessons Learned & Takeaways
Building Euclid reinforced a core principle of AI system design:
AI should be capable, but always accountable.
Here’s what I learned:
- Integrating AI into SaaS products without proper identity control is risky.
- Auth0 for AI Agents ensures every AI action is linked to a verified user.
- Secure RAG pipelines let AI access private data safely, without retraining models.
- Agentic doesn’t mean uncontrolled — it means autonomous within boundaries.
In short:
“Euclid lets AI work for your users — not around your security.”
✨ Final Thoughts
AI assistants are becoming more agentic — capable of reasoning and acting.
But true progress comes when that autonomy is paired with security.
Auth0 for AI Agents bridges that gap perfectly, allowing developers to give their AI systems both intelligence and integrity.
That’s what Euclid stands for:
Smart AI, within safe boundaries.
A big thanks to the Auth0 and DEV team for putting together this challenge. I had a really fun time building out my submission. And because I am very confident in its real-world value, I definitely would be taking the solution far beyond this challenge💪. Cheers🥂
Top comments (2)
wow this is fire trussss! nice work
Thankss!💫