This is a submission for the Auth0 for AI Agents Challenge
What I Built
You know that feeling when you're applying to jobs at 2 AM, desperately trying to tailor your resume for the 47th time this week, and your Google Docs is giving you that judgy "Are you sure you want to save these changes?" Look? Yeah, I built something to fix that.
Meet Resumify - an AI-powered resume assistant that doesn't just help you write resumes, it practically writes them for you. And no, it won't judge you for that "proficient in Microsoft Word" line you've been carrying since 2015.
Demo
🎬 Watch It In Action
See Resumify transform a basic resume into an ATS-optimized masterpiece in under 2 minutes.
Since showing is better than telling (and because my mom said screenshots count as evidence I'm actually productive):
🎥 Quick Overview
Here's the landing page in all its gradient-text glory:
Yes, that's a real AI-generated professional summary. No, I don't know how it made me sound this employable either.
📸 The Flow Nobody Asked For But Everyone Needs
Step 1: Authentication (The Easy Part)
One login to rule them all - Auth0 handles the heavy lifting so I don't have to.
Step 2: Profile Setup (The "This Should Be Easy But Isn't" Part)
All your career details in one place. Supabase keeps it safe, Auth0 keeps it secure.
Step 3: Chat With Your New AI Best Friend
Ask it anything. Seriously. I asked it to roast my resume and it did. Painfully accurate, too.
Step 4: Watch The Magic Happen
From chat to Google Doc in seconds. It's like teleportation, but for career documents.
🔗 Try It Yourself (If You Dare)
Live Demo: https://resumify.varshithvhegde.in/
Test Credentials:
-
Username:
testdevvarshith@gmail.com -
Password:
VarshithDev@2025
⚠️ Important Notes:
- Google OAuth Limitation: The Google Cloud account is currently in testing mode, so new users cannot connect their own Gmail accounts. Please use the provided test credentials above - all permissions are already configured.
- Please be respectful! This demo uses a limited OpenAI API key. Avoid excessive chat usage so others can try it too.
-
Demo Resume Link: Use this public Google Doc for testing:
https://docs.google.com/document/d/16SOGaiJZwUP2EDObbitbJBJOwHgMyJo76sNrEdyAnbY/edit?usp=sharing -
Using Your Own Resume:
- Your resume MUST be a Google Doc (not PDF or Word)
- The document must be set to "Anyone with the link can view"
- Public Google Docs can be accessed by the app regardless of which account it's in
- Make sure sharing permissions are set correctly before pasting the link
Repository: https://github.com/Varshithvhegde/resume-ai
The repo includes:
- Complete source code (yes, all the embarrassing git commits too)
- Detailed setup instructions (because "it works on my machine" isn't helpful)
- Sample environment configuration (with fake keys, obviously)
- Database schema (PostgreSQL never looked so good)
The Problem (That We've All Lived Through)
Let's be honest: job hunting is about as fun as debugging a null pointer exception at 5 PM on a Friday. You've got:
- Multiple versions of your resume scattered across Google Drive like horcruxes
- That LinkedIn profile that's been "90% complete" since the Obama administration
- A desperate need to tailor each application but zero energy to actually do it
- Gmail drafts that start with "Dear Hiring Manager" because you forgot to personalize them
The traditional approach? Copy-paste your resume into every template you find, pray to the ATS gods, and hope your experience as a "synergistic team player" resonates with someone.
Spoiler alert: It usually doesn't.
The Solution (AKA My Digital Career Therapist)
Resumify is like having a career counselor, a copywriter, and that one friend who's really good at networking all rolled into one AI agent. But unlike that friend, it actually responds to your 2 AM panic texts.
Here's what this beautiful beast does:
🤖 AI-Powered Resume Analysis
Connects to your Google Docs and analyzes your resume with the ruthless efficiency of a hiring manager who's seen 500 applications this week. Except it's actually constructive about it.
👤 Persistent Profile Management
Remember all that info you've typed into application portals? Yeah, Resumify remembers it too. Store it once, use it forever. It's like credential autofill, but for your entire career.
📄 Job-Tailored Resume Generation
Paste a job description, and watch the AI rewrite your resume to match. It's like having a chameleon, but for professional documents. And way less weird to explain at parties.
📧 Email Automation That Doesn't Sound Like a Robot
Generates professional application emails through Gmail that actually sound like a human wrote them. The AI somehow manages to hit that sweet spot between "desperate" and "confident" that we all struggle with.
🔐 Google Docs Integration (The Secret Sauce)
Creates ATS-optimized resumes directly in your Google Drive. No more downloading PDFs, converting formats, or sacrificing goats to the formatting gods.
💬 Real-Time AI Chat Assistant
An AI that actually understands "make this sound better" and doesn't just add more buzzwords. Revolutionary, I know.
How I Used Auth0 for AI Agents
Here's where things get spicy. Building an AI agent that talks to Google Docs AND Gmail AND your database while keeping everything secure is like juggling chainsaws while riding a unicycle. On fire. In a hurricane.
Auth0 for AI Agents basically gave me a safety net, a helmet, and instructions on how not to set myself on fire.
The "Holy Grail" of Token Exchange
Remember when I said Resumify connects to Google Docs and Gmail? Here's the thing: Google services need OAuth tokens. Your AI agent needs to make those API calls on behalf of your users. And if you've ever tried to manage OAuth tokens manually, you know it's about as fun as explaining recursion to your grandma.
Enter Auth0's Token Exchange Magic ✨
// src/lib/auth0-ai.ts
import { getRefreshToken } from "@/lib/auth0"
import { Auth0AI } from "@auth0/ai-langchain"
import { getAccessTokenForConnection } from "@auth0/ai-langchain"
const auth0AI = new Auth0AI()
// This one line does more work than me on a Monday morning
export const withGoogleConnection = auth0AI.withTokenForConnection({
connection: "google-oauth2",
scopes: [
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.compose",
],
refreshToken: getRefreshToken,
})
What's happening here? Auth0 is basically saying: "Hey, you logged in once. Now I'll handle all the token refreshing, scope management, and OAuth dance moves behind the scenes. You just focus on building cool stuff."
It's like having a really competent assistant who remembers your passwords, knows all your credentials, and never calls in sick. Except it's code, so it doesn't require coffee breaks.
The AI Agent: Powered By Auth0's Security Blanket
Here's how the AI agent works with Auth0 under the hood:
// src/app/api/chat/route.ts
const gmailParams = {
credentials: {
accessToken: getAccessToken, // This function? Auth0-powered magic
},
}
const gmailDraft = new GmailCreateDraft(gmailParams)
const gmailSend = new GmailSendMessage(gmailParams)
const gmailSearch = new GmailSearch(gmailParams)
const agent = createReactAgent({
llm,
tools: [
readGoogleDocContent,
createGoogleDocResume,
getUserProfile,
saveUserProfile,
// These three? Wrapped in Auth0's secure token exchange
withGoogleConnection(gmailDraft),
withGoogleConnection(gmailSend),
withGoogleConnection(gmailSearch),
],
})
What Auth0 Actually Does Here (The Technical Deep Dive Nobody Reads But Should)
- Single Sign-On: User logs in once through Auth0
- Token Storage: Auth0 securely stores the Google OAuth tokens
- Automatic Refresh: When tokens expire, Auth0 refreshes them automatically
- Scope Management: Auth0 ensures the agent only gets the permissions it needs
- Security: All token handling happens server-side with proper encryption
It's like having a bouncer at a club who not only checks IDs but also remembers everyone's drink preferences and makes sure nobody gets roofied. Very specific metaphor, I know, but security is important.
The Middleware That Saved My Sanity
Auth0's middleware integration made protecting routes embarrassingly easy:
// src/middleware.ts
export async function middleware(request: NextRequest) {
const authRes = await auth0.middleware(request)
// Auth routes? Auth0's got it
if (request.nextUrl.pathname.startsWith("/auth")) {
return authRes
}
const session = await auth0.getSession(request)
// No session? Back to login, buddy
if (!session) {
return NextResponse.redirect(`${origin}/auth/login`)
}
return authRes
}
Three words: Works. Just. Works.
No custom JWT parsing, no manual token validation, no "but it worked yesterday" debugging sessions at 3 AM. Auth0 handles it all, and I get to sleep like a normal human being.
Google Docs Integration: The "This Shouldn't Be This Easy" Moment
Want to know the wildest part? Creating resumes in Google Docs using Auth0-managed tokens:
// src/lib/tools/gdocs.ts
export const readGoogleDocContent = tool(
async ({ docId }) => {
// Get token - Auth0 handles all the OAuth complexity
const { token } = await auth0.getAccessTokenForConnection({
connection: "google-oauth2",
})
const auth = new google.auth.OAuth2()
auth.setCredentials({ access_token: token })
const docs = google.docs({ version: "v1", auth })
// Now we're cooking with gas (or electricity, it's 2025)
const doc = await docs.documents.get({ documentId: docId })
return doc.data
}
)
That's it. That's the whole authentication flow. Auth0 turned what would've been 200 lines of OAuth boilerplate into 5 lines of "just work already."
Why This Matters (The "So What?" Section)
Here's what Auth0 for AI Agents actually gave me:
For Security:
- No raw tokens flying around my codebase like confetti
- Automatic token rotation (because I definitely would've forgotten)
- Centralized permission management (one place to rule them all)
- Built-in rate limiting and abuse prevention
For Developer Experience:
- Spent 80% less time on auth, 80% more time on features
- No custom OAuth implementations (my least favorite kind of implementations)
- Works out of the box with LangChain tools
- Documentation that doesn't make me cry
For Users:
- Login once, access everything
- No weird permission prompts every 5 minutes
- Their data stays secure (Auth0's problem now, not mine)
- Seamless integration between services
The "A-ha!" Moment
The real breakthrough came when I realized: Auth0 isn't just handling authentication—it's managing the entire trust relationship between my AI agent, my users, and third-party services.
Think about it: My AI agent needs to:
- Read Google Docs (requires user permission)
- Send Gmail emails (requires user permission)
- Access profile data (requires authenticated session)
- All while running server-side (requires secure token handling)
Auth0 orchestrates this entire dance. It's like having a really good project manager who actually knows what they're doing. Rare, I know.
Lessons Learned and Takeaways
The "What Went Right" List (Surprisingly Long)
Auth0 Was The MVP:
Seriously, Auth0 for AI Agents saved me weeks of development time. Token management? Handled. OAuth flows? Done. Security best practices? Built-in. I went from "this will take forever" to "wait, it's already working?" in about 2 hours.
LangChain + Auth0 = Chef's Kiss:
The integration between LangChain and Auth0's AI Agents SDK is smoother than my attempts at small talk at networking events. The withTokenForConnection wrapper is pure genius—wrap your tools, and suddenly they're secure. It's like adding authentication as a seasoning rather than rebuilding the entire dish.
AI Agents Need Identity Too:
Building this made me realize: AI agents aren't just functions that run on a server. They're acting on behalf of users, accessing sensitive data, and making real decisions. They need proper identity management just like humans do. Auth0 gets this.
Database Schema Matters (Who Knew?):
Supabase's PostgreSQL setup was chef's kiss. Having separate tables for profiles, experience, education, projects, and skills made the AI agent's job way easier. It's like organizing your closet—painful at first, but you'll thank yourself later.
The "What Went Wrong" List (Also Surprisingly Long)
CSS in Emails is Still Terrible:
It's 2025, and CSS in emails is still stuck in 2005. Outlook literally uses Microsoft Word's rendering engine. WORD. I spent 3 hours debugging why my beautiful gradient text looked like a ransom note in Gmail. The solution? Inline styles and prayers.
Token Scopes Are Tricky:
Initially, I requested too many Google API scopes, and users freaked out when the permission screen looked like I was asking for their kidney. Less is more. Only request what you actually need, when you need it.
AI Hallucinations Are Real:
Early versions had the AI occasionally invent skills users didn't have. "Proficient in Rust" sounds great until you remember you've never written a line of Rust code. Fixed it with better prompt engineering and validation.
Rate Limits Exist (Apparently):
Google's APIs have rate limits. Who knew? (Everyone. Everyone knew.) Started hitting them during testing. Solution: Added caching and request throttling. Also learned to test with smaller datasets.
"It Works on My Machine" Is a Lie:
Environment variables in production are different from local dev. Auth0 callback URLs need to match exactly. Learned this the hard way when the deployed version just... didn't work. Triple-check your .env files, kids.
Key Insights (The Part Where I Sound Smart)
1. Security Should Be Boring
The best security is the kind you don't think about. Auth0 made security so seamless that I forgot I was building a secure application. That's not negligence—that's good abstraction. The less I have to worry about token management, the more I can focus on making the AI agent actually useful.
2. AI Agents Need Better Auth Patterns
Traditional user authentication assumes a human is clicking buttons. AI agents make thousands of API calls automatically. We need authentication patterns that:
- Handle high-frequency requests
- Manage multiple service integrations
- Provide fine-grained permission control
- Log everything for security audits
Auth0 for AI Agents is one of the first platforms I've seen that actually addresses these needs. It's like they read my mind, except less creepy and more useful.
3. The Best Tools Disappear
Good developer tools should feel like magic. Auth0 did that. I didn't have to think about:
- Where tokens are stored
- How they're encrypted
- When they expire
- How they're refreshed
It just... worked. That's the mark of excellent engineering.
4. Build Features, Not Infrastructure
I spent 2 hours on authentication and 2 weeks on AI features. That's the right ratio. Auth0 let me focus on what makes Resumify unique (the AI resume optimization) rather than reinventing OAuth flows for the thousandth time.
5. Users Care About Their Data
Every permission request matters. Every scope you add is another reason for users to bounce. Auth0's granular permission management meant I could request exactly what I needed, when I needed it. Users trust that more than a blanket "give us all your data" request.
Advice for Future Builders (Because I'm Old and Wise Now)
If You're Building AI Agents:
- Use Auth0 for AI Agents. Seriously. Don't try to roll your own OAuth management.
- Test token refresh flows early. Tokens expire, and you need to handle it gracefully.
- Log everything. When things break (and they will), you'll want to know why.
- Start with minimal scopes and add more only when needed.
If You're Integrating Multiple Services:
- Token exchange is your friend. Learn it, love it, use Auth0's implementation.
- Each service has different rate limits. Plan accordingly.
- Cache aggressively. Don't make API calls you don't need to make.
- Have fallback plans when services are down.
If You're Using AI/LLM APIs:
- Prompt engineering is 80% of the work. Spend time on it.
- Always validate AI outputs. GPT-4 is smart, not infallible.
- Cost adds up fast. Monitor your token usage.
- Have human oversight for critical operations.
If You're Just Getting Started:
- Pick one thing and do it well. Resumify started as "AI resume analysis" and grew from there.
- Don't overthink infrastructure. Use managed services (Auth0, Supabase, Vercel).
- Ship early, iterate fast. My first version was embarrassingly simple.
- User feedback > your assumptions. Always.
The Meta Lesson (Getting Philosophical Here)
Building Resumify taught me that modern development is less about writing code and more about orchestrating services. I didn't build an authentication system—I integrated Auth0. I didn't build a database—I used Supabase. I didn't train an AI model—I used OpenAI.
The real skill was knowing how to wire these pieces together in a way that creates value. Auth0 for AI Agents made one of the hardest pieces (secure token management for AI agents) almost trivial.
That's the future of development: powerful building blocks that let you focus on solving user problems rather than reinventing wheels.
The Bottom Line
If you're building AI agents that need to access user data or third-party services (and let's be honest, what AI agent doesn't?), Auth0 for AI Agents is not optional—it's essential.
Resumify wouldn't exist without it. Well, it might exist, but it would be held together with duct tape, prayer, and a security model that would make penetration testers weep.
Instead, I've got an AI-powered resume assistant that's secure, scalable, and actually helps people land jobs. And I get to sleep at night knowing Auth0 is handling the authentication complexity.
What's Next?
- Adding more resume templates (because one size doesn't fit all)
- Cover letter generation (because apparently those still matter)
- Interview prep features (practice makes perfect, or at least less awkward)
- LinkedIn profile optimization (because networking is still a thing)
- Multi-language support (resumes, not programming languages—though that'd be cool too)
Try It Yourself
The code's open source, the demo's live, and Auth0 has a generous free tier. Build your own AI agent, secure it properly, and maybe, just maybe, we can make job hunting a little less terrible.
Now if you'll excuse me, I need to update my own resume to include "Built an AI that's better at resume writing than me." The irony is not lost on me.
Built with: Auth0,Next.js, TypeScript, OpenAI, LangChain, Supabase, Google APIs, and an unhealthy amount of caffeine.
Source Code: github.com/yourusername/resumify
Live Demo: resumify.varshithvhegde.in
Questions? Drop a comment below or find me on Twitter where I'm probably complaining about CSS.
Top comments (2)
This is awesome! 🔥 Love how you turned a painful job hunting problem into something actually useful.
The writing style made this super fun to read - "desperately trying to tailor your resume for the 47th time" hit way too close to home 😅
Trying out the demo now. Really cool that you made it open source too!
Great work! 👏
Thank You!!