From 86b34f1950fb65fda38811ac89d2c6a9705b37ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Wo=C5=BAniewski?= Date: Thu, 2 Oct 2025 15:20:26 +0200 Subject: [PATCH] Rename CIBA methods part1 --- .../how-tos/analyze-strava-activities.mdx | 2 +- .../how-tos/create-spotify-playlist.mdx | 2 +- .../how-tos/get-github-issues-python.mdx | 2 +- .../how-tos/get-salesforce-opportunities.mdx | 2 +- auth4genai/integrations/github.mdx | 4 +- auth4genai/integrations/google.mdx | 4 +- auth4genai/integrations/slack.mdx | 4 +- .../call-others-apis-on-users-behalf.mdx | 4 +- auth4genai/sdks/javascript-sdk.mdx | 2 +- .../langchain-fastapi-py/async-auth.mdx | 16 +- .../langchain-fastapi-py/auth-for-rag.mdx | 2 +- .../langchain-fastapi-py/call-others-api.mdx | 36 ++-- .../langchain-next-js/async-auth.mdx | 10 +- .../langchain-next-js/call-others-api.mdx | 34 ++-- .../vercel-ai-next-js/async-auth.mdx | 12 +- .../vercel-ai-next-js/call-others-api.mdx | 40 ++--- .../vercel-ai-node-js/async-auth.mdx | 12 +- .../call-others-api.mdx | 22 +-- auth4genai/snippets/how-tos/github/ai-sdk.mdx | 24 +-- .../how-tos/github/cloudflare-agents.mdx | 24 +-- auth4genai/snippets/how-tos/github/genkit.mdx | 22 +-- .../how-tos/github/langgraph-python.mdx | 22 +-- .../snippets/how-tos/github/langgraph.mdx | 24 +-- .../how-tos/github/llamaindex-python.mdx | 16 +- .../snippets/how-tos/github/llamaindex.mdx | 24 +-- .../how-tos/google-calendar/ai-sdk.mdx | 24 +-- .../google-calendar/cloudflare-agents.mdx | 24 +-- .../how-tos/google-calendar/genkit.mdx | 24 +-- .../google-calendar/langgraph-python.mdx | 22 +-- .../how-tos/google-calendar/langgraph.mdx | 24 +-- .../google-calendar/llamaindex-python.mdx | 16 +- .../how-tos/google-calendar/llamaindex.mdx | 22 +-- auth4genai/snippets/how-tos/slack/ai-sdk.mdx | 24 +-- .../how-tos/slack/cloudflare-agents.mdx | 24 +-- auth4genai/snippets/how-tos/slack/genkit.mdx | 22 +-- .../how-tos/slack/langgraph-python.mdx | 22 +-- .../snippets/how-tos/slack/langgraph.mdx | 26 +-- .../how-tos/slack/llamaindex-python.mdx | 16 +- .../snippets/how-tos/slack/llamaindex.mdx | 22 +-- .../integrations/TokenVaultConfigBlock.jsx | 6 +- .../snippets/integrations/learn-more.mdx | 2 +- .../user-authentication-with-ciba.mdx | 6 +- .../user-authorization-with-ciba.mdx | 6 +- main/docs/secure/tokens/token-vault.mdx | 42 ++--- .../call-apis-with-token-vault.mdx | 168 +++++++++--------- .../token-vault/configure-token-vault.mdx | 14 +- 46 files changed, 461 insertions(+), 461 deletions(-) diff --git a/auth4genai/how-tos/analyze-strava-activities.mdx b/auth4genai/how-tos/analyze-strava-activities.mdx index 5eb67cbd7..013eacf11 100644 --- a/auth4genai/how-tos/analyze-strava-activities.mdx +++ b/auth4genai/how-tos/analyze-strava-activities.mdx @@ -20,7 +20,7 @@ Before using this example, make sure you: ## 1. Define the Vercel AI Tool and backend API Route Define a `getActivities` tool that uses GPT-4 to fetch and analyze a user's recent fitness activity from Strava: -- When the tool calls `getAccessTokenForConnection()` to fetch a Spotify access token, pass in `strava-custom` as the connection name. +- When the tool calls `getAccessTokenFromTokenVault()` to fetch a Spotify access token, pass in `strava-custom` as the connection name. ```tsx wrap lines import { openai } from "@ai-sdk/openai" diff --git a/auth4genai/how-tos/create-spotify-playlist.mdx b/auth4genai/how-tos/create-spotify-playlist.mdx index 18fbcae54..abf6773fe 100644 --- a/auth4genai/how-tos/create-spotify-playlist.mdx +++ b/auth4genai/how-tos/create-spotify-playlist.mdx @@ -23,7 +23,7 @@ Before using this example, make sure you: ## 1. Define the Vercel AI Tool and backend API Route Define a `createPlaylist` tool that uses GPT-4 to create a new Spotify playlist for the user: -- When the tool calls `getAccessTokenForConnection()` to fetch a Spotify access token, pass in `spotify-custom` as the connection name. +- When the tool calls `getAccessTokenFromTokenVault()` to fetch a Spotify access token, pass in `spotify-custom` as the connection name. ```tsx wrap app/api/chat/route.js lines import { openai } from "@ai-sdk/openai" diff --git a/auth4genai/how-tos/get-github-issues-python.mdx b/auth4genai/how-tos/get-github-issues-python.mdx index aef765890..f97ac43ce 100644 --- a/auth4genai/how-tos/get-github-issues-python.mdx +++ b/auth4genai/how-tos/get-github-issues-python.mdx @@ -39,7 +39,7 @@ Create a function that will return the access token for Github. ```python wrap lines async def get_token_from_token_vault(): - return await auth0.get_access_token_for_connection( + return await auth0.get_access_token_from_token_vault( options = { "connection" : "github", "scope" : "openid profile email offline_access"}) diff --git a/auth4genai/how-tos/get-salesforce-opportunities.mdx b/auth4genai/how-tos/get-salesforce-opportunities.mdx index 71fcaa934..742e74f15 100644 --- a/auth4genai/how-tos/get-salesforce-opportunities.mdx +++ b/auth4genai/how-tos/get-salesforce-opportunities.mdx @@ -31,7 +31,7 @@ SALESFORCE_INSTANCE_URL=https://your-instance.salesforce.com Create an AI tool that gets a list of opportunities from Salesforce and a backend route that uses Auth0 to get a Salesforce access token: -- When the tool calls `auth0.getAccessTokenForConnection()`, pass `sfdc` as the connection name to get a Salesforce access token. +- When the tool calls `auth0.getAccessTokenFromTokenVault()`, pass `sfdc` as the connection name to get a Salesforce access token. ```tsx app/api/chat/route.js wrap lines import { openai } from "@ai-sdk/openai"; diff --git a/auth4genai/integrations/github.mdx b/auth4genai/integrations/github.mdx index 40c97fbe5..d44e9198d 100644 --- a/auth4genai/integrations/github.mdx +++ b/auth4genai/integrations/github.mdx @@ -83,7 +83,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi ```tsx wrap lines const auth0AI = new Auth0AI(); - export const withGitHubConnection = auth0AI.withTokenForConnection({ + export const withGitHubConnection = auth0AI.withTokenVault({ connection: "github", // scopes are not supported for GitHub yet. Set required scopes when creating the accompanying GitHub app scopes: [], @@ -96,7 +96,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi ```python wrap lines auth0_ai = Auth0AI() - with_github_connection = auth0_ai.with_federated_connection( + with_github_connection = auth0_ai.with_token_vault( connection="github", # scopes are not supported for GitHub yet. Set required scopes when creating the accompanying GitHub app scopes=[], diff --git a/auth4genai/integrations/google.mdx b/auth4genai/integrations/google.mdx index 57e0250aa..1cf4aadcf 100644 --- a/auth4genai/integrations/google.mdx +++ b/auth4genai/integrations/google.mdx @@ -150,7 +150,7 @@ To configure the Token Vault for your Google connection, you can use the followi ```tsx wrap lines const auth0AI = new Auth0AI(); - export const withGoogleConnection = auth0AI.withTokenForConnection({ + export const withGoogleConnection = auth0AI.withTokenVault({ connection: "google-oauth2", scopes: ["https://www.googleapis.com/auth/calendar.freebusy", ...], refreshToken: getAuth0RefreshToken(), @@ -162,7 +162,7 @@ To configure the Token Vault for your Google connection, you can use the followi ```python wrap lines auth0_ai = Auth0AI() - with_google_connection = auth0_ai.with_federated_connection( + with_google_connection = auth0_ai.with_token_vault( connection="google-oauth2", scopes=["https://www.googleapis.com/auth/calendar.freebusy", ...], refresh_token=get_auth0_refresh_token, diff --git a/auth4genai/integrations/slack.mdx b/auth4genai/integrations/slack.mdx index d775c87ef..b7693d8f8 100644 --- a/auth4genai/integrations/slack.mdx +++ b/auth4genai/integrations/slack.mdx @@ -84,7 +84,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi ```tsx wrap lines const auth0AI = new Auth0AI(); - export const withSlackConnection = auth0AI.withTokenForConnection({ + export const withSlackConnection = auth0AI.withTokenVault({ connection: "sign-in-with-slack", scopes: ["channels:read", ...], refreshToken: getAuth0RefreshToken(), @@ -96,7 +96,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi ```python wrap lines auth0_ai = Auth0AI() - with_slack_connection = auth0_ai.with_federated_connection( + with_slack_connection = auth0_ai.with_token_vault( connection="sign-in-with-slack", scopes=["channels:read", ...], refresh_token=get_auth0_refresh_token, diff --git a/auth4genai/intro/call-others-apis-on-users-behalf.mdx b/auth4genai/intro/call-others-apis-on-users-behalf.mdx index 35e5f17c7..946dba761 100644 --- a/auth4genai/intro/call-others-apis-on-users-behalf.mdx +++ b/auth4genai/intro/call-others-apis-on-users-behalf.mdx @@ -1,6 +1,6 @@ --- title: Call Other's APIs on User's Behalf -description: "[Token Vault](/intro/token-vault) lets your AI agent call external APIs on the user's behalf. We provide SDKs for Python, JavaScript, and popular AI frameworks like LangChain, LlamaIndex, Genkit, and Vercel AI, making it easy and straightforward to get access tokens for your federated connections." +description: "[Token Vault](/intro/token-vault) lets your AI agent call external APIs on the user's behalf. We provide SDKs for Python, JavaScript, and popular AI frameworks like LangChain, LlamaIndex, Genkit, and Vercel AI, making it easy and straightforward to get access tokens for your third-party connections." --- ## Web applications with backend for frontend @@ -135,4 +135,4 @@ To begin using Auth0 Token Vault with your AI agents, refer to the following res icon="key" horizontal /> - \ No newline at end of file + diff --git a/auth4genai/sdks/javascript-sdk.mdx b/auth4genai/sdks/javascript-sdk.mdx index 28b3cf792..163ca1bb4 100644 --- a/auth4genai/sdks/javascript-sdk.mdx +++ b/auth4genai/sdks/javascript-sdk.mdx @@ -63,7 +63,7 @@ This library helps to set up the React components that can be used in AI applica - Tools for getting access tokens for supported social and enterprise identity providers ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` ### [Redis Store for Auth0 AI](https://github.com/auth0-lab/auth0-ai-js/tree/main/packages/ai-redis) diff --git a/auth4genai/snippets/get-started/langchain-fastapi-py/async-auth.mdx b/auth4genai/snippets/get-started/langchain-fastapi-py/async-auth.mdx index 2fa869a07..1def367ae 100644 --- a/auth4genai/snippets/get-started/langchain-fastapi-py/async-auth.mdx +++ b/auth4genai/snippets/get-started/langchain-fastapi-py/async-auth.mdx @@ -34,7 +34,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow ```bash wrap lines cd backend uv sync -uv add "auth0-ai-langchain>=1.0.0b3" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]" --prerelease=allow +uv add "auth0-ai-langchain>=TODO_NEW_VERSION_HERE" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]" --prerelease=allow ``` ### Update the environment file @@ -47,7 +47,7 @@ Integrate the Auth0 AI SDK into your application to secure your async AI agent w #### Configure the Auth0 AI SDK -To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `with_async_user_confirmation()`. Let's create a helper function to wrap the tool with the Async authorizer. +To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `with_async_authorization()`. Let's create a helper function to wrap the tool with the Async authorizer. Create a file at `app/core/auth0_ai.py` and instantiate a new Auth0 AI SDK client: @@ -68,7 +68,7 @@ auth0_ai = Auth0AI( ) ) -with_async_user_confirmation = auth0_ai.with_async_user_confirmation( +with_async_authorization = auth0_ai.with_async_authorization( audience=settings.SHOP_API_AUDIENCE, # add any scopes you want to use with your API scopes=["openid", "product:buy"], @@ -90,9 +90,9 @@ with_async_user_confirmation = auth0_ai.with_async_user_confirmation( ) ``` -This will intercept the tool call to initiate a CIBA request: +This will intercept the tool call to initiate an Async Authorization request: -- The CIBA request includes the user ID that will approve the request. +- The Async Authorization request includes the user ID that will approve the request. - Auth0 sends the user a mobile push notification. The AI agent polls the `/token` endpoint for a user response. - The mobile application retrieves the `bindingMessage` containing the consent details, in this case, the details of the product to purchase. - The user responds to the request: @@ -146,10 +146,10 @@ Now, create a file `app/agents/tools/shop_online.py` and add the following code: ```python app/agents/tools/shop_online.py wrap lines import httpx from langchain_core.tools import StructuredTool -from auth0_ai_langchain.ciba import get_ciba_credentials +from auth0_ai_langchain.ciba import get_async_ from pydantic import BaseModel -from app.core.auth0_ai import with_async_user_confirmation +from app.core.auth0_ai import with_async_authorization from app.core.config import settings @@ -202,7 +202,7 @@ async def shop_online_fn(product: str, quantity: int): } -shop_online = with_async_user_confirmation( +shop_online = with_async_authorization( StructuredTool( name="shop_online", description="Tool to buy products online.", diff --git a/auth4genai/snippets/get-started/langchain-fastapi-py/auth-for-rag.mdx b/auth4genai/snippets/get-started/langchain-fastapi-py/auth-for-rag.mdx index 6cb426973..e79fab047 100644 --- a/auth4genai/snippets/get-started/langchain-fastapi-py/auth-for-rag.mdx +++ b/auth4genai/snippets/get-started/langchain-fastapi-py/auth-for-rag.mdx @@ -35,7 +35,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow ```bash wrap lines cd backend uv sync -uv add "auth0-ai-langchain>=1.0.0b3" openfga-sdk langgraph langchain-openai "langgraph-cli[inmem]" --prerelease=allow +uv add "auth0-ai-langchain>=TODO_NEW_VERSION_HERE" openfga-sdk langgraph langchain-openai "langgraph-cli[inmem]" --prerelease=allow ``` ### Update the environment file diff --git a/auth4genai/snippets/get-started/langchain-fastapi-py/call-others-api.mdx b/auth4genai/snippets/get-started/langchain-fastapi-py/call-others-api.mdx index 931bcad2b..0440a1f27 100644 --- a/auth4genai/snippets/get-started/langchain-fastapi-py/call-others-api.mdx +++ b/auth4genai/snippets/get-started/langchain-fastapi-py/call-others-api.mdx @@ -13,7 +13,7 @@ import { AccountAndAppSteps } from "/snippets/get-started/prerequisites/account- - + ### Clone sample app Clone this sample app from the [Auth0 AI samples](https://github.com/auth0-samples/auth0-ai-samples) repository: @@ -134,7 +134,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow ```bash wrap lines cd backend uv sync -uv add "auth0-ai-langchain>=1.0.0b3" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]" google-api-python-client --prerelease=allow +uv add "auth0-ai-langchain>=TODO_NEW_VERSION_HERE" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]>=0.3.6" google-api-python-client --prerelease=allow ``` ### Update your environment file @@ -191,7 +191,7 @@ auth0_ai = Auth0AI( ) ) -with_calendar_access = auth0_ai.with_federated_connection( +with_calendar_access = auth0_ai.with_token_vault( connection="google-oauth2", scopes=["https://www.googleapis.com/auth/calendar.events"], ) @@ -244,7 +244,7 @@ from google.oauth2.credentials import Credentials from googleapiclient.discovery import build from pydantic import BaseModel from auth0_ai_langchain.federated_connections import ( - get_access_token_for_connection, + get_access_token_from_token_vault, ) import datetime import json @@ -253,10 +253,10 @@ from app.core.auth0_ai import with_calendar_access async def list_upcoming_events_fn(): """List upcoming events from the user's Google Calendar""" - google_access_token = get_access_token_for_connection() + google_access_token = get_access_token_from_token_vault() if not google_access_token: raise ValueError( - "Authorization required to access the Federated Connection API" + "Authorization required to access the Token Vault Connection API" ) calendar_service = build( @@ -328,18 +328,18 @@ To implement, install the Auth0 AI Components for React SDK to get the required ```bash wrap lines cd frontend npm install @auth0/ai @langchain/langgraph-sdk -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Add a new file, `src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx`, with the following code: -```tsx src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx wrap lines -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +```tsx src/components/auth0-ai/TokenVault/TokenVaultInterruptHandler.tsx wrap lines +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import type { Interrupt } from "@langchain/langgraph-sdk"; -import { EnsureAPIAccess } from "@/components/auth0-ai/FederatedConnections"; +import { TokenVaultConsent } from "@/components/auth0-ai/TokenVault"; -interface FederatedConnectionInterruptHandlerProps { +interface TokenVaultInterruptHandlerProps { interrupt: Interrupt | undefined | null; onFinish: () => void; auth?: { @@ -348,21 +348,21 @@ interface FederatedConnectionInterruptHandlerProps { }; } -export function FederatedConnectionInterruptHandler({ +export function TokenVaultInterruptHandler({ interrupt, onFinish, auth, -}: FederatedConnectionInterruptHandlerProps) { +}: TokenVaultInterruptHandlerProps) { if ( !interrupt || - !FederatedConnectionInterrupt.isInterrupt(interrupt.value) + !TokenVaultInterrupt.isInterrupt(interrupt.value) ) { return null; } return (
- - \ No newline at end of file + diff --git a/auth4genai/snippets/get-started/langchain-next-js/async-auth.mdx b/auth4genai/snippets/get-started/langchain-next-js/async-auth.mdx index 1b5b71092..ea18b7a79 100644 --- a/auth4genai/snippets/get-started/langchain-next-js/async-auth.mdx +++ b/auth4genai/snippets/get-started/langchain-next-js/async-auth.mdx @@ -36,7 +36,7 @@ Integrate the Auth0 AI SDK into your application to secure your async AI agent w #### Configure the Auth0 AI SDK -To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `withAsyncUserConfirmation()`. Let's create a helper function to wrap the tool with the Async authorizer. +To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `withAsyncAuthorization()`. Let's create a helper function to wrap the tool with the Async authorizer. Create a file at `src/lib/auth0-ai.ts` and instantiate a new Auth0 AI SDK client: @@ -47,7 +47,7 @@ import { AccessDeniedInterrupt } from "@auth0/ai/interrupts"; const auth0AI = new Auth0AI(); // CIBA flow for user confirmation -export const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({ +export const withAsyncAuthorization = auth0AI.withAsyncAuthorization({ userID: async (_params, config) => { return config?.configurable?._credentials?.user?.sub; }, @@ -76,9 +76,9 @@ export const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({ }); ``` -This will intercept the tool call to initiate a CIBA request: +This will intercept the tool call to initiate an Async Authorization request: -- The CIBA request includes the user ID that will approve the request. +- The Async Authorization request includes the user ID that will approve the request. - Auth0 sends the user a mobile push notification. The AI agent polls the `/token` endpoint for a user response. - The mobile application retrieves the `bindingMessage` containing the consent details, in this case, the details of the product to purchase. - The user responds to the request: @@ -167,7 +167,7 @@ export const shopOnlineTool = tool( priceLimit, }; - const credentials = getCIBACredentials(); + const credentials = getAsyncAuthorizationCredentials(); const accessToken = credentials?.accessToken; if (accessToken) { diff --git a/auth4genai/snippets/get-started/langchain-next-js/call-others-api.mdx b/auth4genai/snippets/get-started/langchain-next-js/call-others-api.mdx index 1677965dc..1c1ae9344 100644 --- a/auth4genai/snippets/get-started/langchain-next-js/call-others-api.mdx +++ b/auth4genai/snippets/get-started/langchain-next-js/call-others-api.mdx @@ -7,7 +7,7 @@ import { AccountAndAppSteps } from "/snippets/get-started/prerequisites/account- - + ### Clone sample app Clone this sample app from the [Auth0 AI samples](https://github.com/auth0-samples/auth0-ai-samples) repository: @@ -28,7 +28,7 @@ AUTH0_CLIENT_ID='' AUTH0_CLIENT_SECRET='' # OpenAI API Key or any provider supported by the Vercel AI SDK -OPENAI_API_KEY="YOUR_API_KEY" +OPENAI_API_KEY="YOUR_API_KEY" # LANGGRAPH LANGGRAPH_API_URL=http://localhost:54367 @@ -130,12 +130,12 @@ Create a file `src/lib/auth0-ai.ts` to instantiate the Auth0 AI SDK client: import { Auth0AI, getAccessTokenForConnection } from "@auth0/ai-langchain"; // Get the access token for a connection via Auth0 -export const getAccessToken = async () => getAccessTokenForConnection(); +export const getAccessToken = async () => getAccessTokenFromTokenVault(); const auth0AI = new Auth0AI(); // Connection for Google services -export const withGoogleConnection = auth0AI.withTokenForConnection({ +export const withGoogleConnection = auth0AI.withTokenVault({ connection: "google-oauth2", scopes: ["https://www.googleapis.com/auth/gmail.readonly"], }); @@ -196,7 +196,7 @@ Once the user is authenticated, you can fetch an access token from Token Vault u Once you've obtained the access token for a connection, you can use it with an AI agent to fetch data during a tool call and provide contextual data in its response. This example uses `GmailSearch` from the `@langchain/community` tools. This tool will use the access token provided by Token Vault to query for emails. -Update your tool call to request an access token, as shown in the following example: +Update your tool call to request an access token, as shown in the following example: ```ts src/lib/agent.ts wrap lines highlight={2-3,8-12,16,23} //... @@ -237,36 +237,36 @@ When you try to use the tool, the application requests any additional Google sco To implement, install the Auth0 AI Components for Next.js SDK to get the required UI components: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Add a new file, `src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx`, with the following code: -```tsx src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx wrap lines -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +```tsx src/components/auth0-ai/TokenVault/TokenVaultInterruptHandler.tsx wrap lines +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import type { Interrupt } from "@langchain/langgraph-sdk"; -import { EnsureAPIAccess } from "@/components/auth0-ai/FederatedConnections"; +import { TokenVaultConsent } from "@/components/auth0-ai/TokenVault"; -interface FederatedConnectionInterruptHandlerProps { +interface TokenVaultInterruptHandlerProps { interrupt: Interrupt | undefined | null; onFinish: () => void; } -export function FederatedConnectionInterruptHandler({ +export function TokenVaultInterruptHandler({ interrupt, onFinish, -}: FederatedConnectionInterruptHandlerProps) { +}: TokenVaultInterruptHandlerProps) { if ( !interrupt || - !FederatedConnectionInterrupt.isInterrupt(interrupt.value) + !TokenVaultInterrupt.isInterrupt(interrupt.value) ) { return null; } return (
-
- chat.submit(null)} /> + chat.submit(null)} />
) diff --git a/auth4genai/snippets/get-started/vercel-ai-next-js/async-auth.mdx b/auth4genai/snippets/get-started/vercel-ai-next-js/async-auth.mdx index 605bc30b6..220345ef8 100644 --- a/auth4genai/snippets/get-started/vercel-ai-next-js/async-auth.mdx +++ b/auth4genai/snippets/get-started/vercel-ai-next-js/async-auth.mdx @@ -36,7 +36,7 @@ Integrate the Auth0 AI SDK into your application to secure your async AI agent w #### Configure the Auth0 AI SDK -To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `withAsyncUserConfirmation()`. Let's create a helper function to wrap the tool with the Async authorizer. +To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `withAsyncAuthorization()`. Let's create a helper function to wrap the tool with the Async authorizer. Create a file at `src/lib/auth0-ai.ts` and instantiate a new Auth0 AI SDK client: @@ -49,7 +49,7 @@ import { getUser } from "./auth0"; const auth0AI = new Auth0AI(); // CIBA flow for user confirmation -export const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({ +export const withAsyncAuthorization = auth0AI.withAsyncAuthorization({ userID: async () => { const user = await getUser(); return user?.sub as string; @@ -79,9 +79,9 @@ export const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({ }); ``` -This will intercept the tool call to initiate a CIBA request: +This will intercept the tool call to initiate an Async Authorization request: -- The CIBA request includes the user ID that will approve the request. +- The Async Authorization request includes the user ID that will approve the request. - Auth0 sends the user a mobile push notification. The AI agent polls the `/token` endpoint for a user response. - The mobile application retrieves the `bindingMessage` containing the consent details, in this case, the details of the product to purchase. - The user responds to the request: @@ -114,7 +114,7 @@ Now, create and wrap the tool with the Async authorizer. Create a file `src/lib/ import { tool } from "ai"; import { z } from "zod"; -import { getCIBACredentials } from "@auth0/ai-vercel"; +import { getAsyncAuthorizationCredentials } from "@auth0/ai-vercel"; import { withAsyncAuthorization } from "../auth0-ai"; export const shopOnlineTool = withAsyncAuthorization( @@ -145,7 +145,7 @@ export const shopOnlineTool = withAsyncAuthorization( priceLimit, }; - const credentials = getCIBACredentials(); + const credentials = getAsyncAuthorizationCredentials(); const accessToken = credentials?.accessToken; if (accessToken) { diff --git a/auth4genai/snippets/get-started/vercel-ai-next-js/call-others-api.mdx b/auth4genai/snippets/get-started/vercel-ai-next-js/call-others-api.mdx index 6867b1b42..edf34c92e 100644 --- a/auth4genai/snippets/get-started/vercel-ai-next-js/call-others-api.mdx +++ b/auth4genai/snippets/get-started/vercel-ai-next-js/call-others-api.mdx @@ -7,7 +7,7 @@ import { AccountAndAppSteps } from "/snippets/get-started/prerequisites/account- - + ### Clone sample app Clone this sample app from the [Auth0 AI samples](https://github.com/auth0-samples/auth0-ai-samples) repository: @@ -119,16 +119,16 @@ Use the [Auth0 AI SDK for Vercel AI](https://github.com/auth0-lab/auth0-ai-js/tr Create a file at `src/lib/auth0-ai.ts` to instantiate the Auth0 AI SDK client: ```tsx src/lib/auth0-ai.ts wrap lines -import { Auth0AI, getAccessTokenForConnection } from "@auth0/ai-vercel"; +import { Auth0AI, getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; import { getRefreshToken } from "./auth0"; // Get the access token for a connection via Auth0 -export const getAccessToken = async () => getAccessTokenForConnection(); +export const getAccessToken = async () => getAccessTokenFromTokenVault(); const auth0AI = new Auth0AI(); // Connection for Google services -export const withGoogleConnection = auth0AI.withTokenForConnection({ +export const withGoogleConnection = auth0AI.withTokenVault({ connection: "google-oauth2", scopes: ["https://www.googleapis.com/auth/calendar.events"], refreshToken: getRefreshToken, @@ -158,7 +158,7 @@ Once the user is authenticated, you can fetch an access token from the Token Vau Once you've obtained the access token for a social connection, you can use it with an AI agent to fetch data during a tool call and provide contextual data in its response. In this example, we define a tool call, `getCalendarEventsTool`, that uses the access token with the Google Calendar API to query for calendar events on a specific date. -Update your tool call to request an access token similar to this example: +Update your tool call to request an access token similar to this example: ```ts src/lib/tools/google-calendar.ts wrap lines import { tool } from 'ai'; @@ -166,7 +166,7 @@ import { endOfDay, formatISO, startOfDay } from 'date-fns'; import { GaxiosError } from 'gaxios'; import { google } from 'googleapis'; import { z } from 'zod'; -import { FederatedConnectionError } from '@auth0/ai/interrupts'; +import { TokenVaultError } from '@auth0/ai/interrupts'; import { getAccessToken, withGoogleConnection } from '../auth0-ai'; @@ -225,7 +225,7 @@ export const getCalendarEventsTool = withGoogleConnection( } catch (error) { if (error instanceof GaxiosError) { if (error.status === 401) { - throw new FederatedConnectionError(`Authorization required to access the Federated Connection`); + throw new TokenVaultError(`Authorization required to access the Federated Connection`); } } @@ -244,31 +244,31 @@ When you try to use the tool, the application requests any additional Google sco To implement, install the Auth0 AI Components for Next.js SDK to get the required UI components: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Add a new file, `src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx` with the following code: -```tsx src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx wrap lines -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +```tsx src/components/auth0-ai/TokenVault/TokenVaultInterruptHandler.tsx wrap lines +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import type { Auth0InterruptionUI } from "@auth0/ai-vercel/react"; -import { EnsureAPIAccess } from "@/components/auth0-ai/FederatedConnections"; +import { TokenVaultConsent } from "@/components/auth0-ai/TokenVault"; -interface FederatedConnectionInterruptHandlerProps { +interface TokenVaultInterruptHandlerProps { interrupt: Auth0InterruptionUI | null; } -export function FederatedConnectionInterruptHandler({ +export function TokenVaultInterruptHandler({ interrupt, -}: FederatedConnectionInterruptHandlerProps) { - if (!FederatedConnectionInterrupt.isInterrupt(interrupt)) { +}: TokenVaultInterruptHandlerProps) { + if (!TokenVaultInterrupt.isInterrupt(interrupt)) { return null; } return (
-
- +
) @@ -395,4 +395,4 @@ That's it! You successfully integrated third-party API access using Token Vault Want to see how it all comes together? Explore or clone the fully implemented sample application [here on GitHub](https://github.com/auth0-samples/auth0-ai-samples/tree/main/call-apis-on-users-behalf/others-api/vercel-ai-next-js). - \ No newline at end of file + diff --git a/auth4genai/snippets/get-started/vercel-ai-node-js/async-auth.mdx b/auth4genai/snippets/get-started/vercel-ai-node-js/async-auth.mdx index 5b155a86f..4cb58d2f0 100644 --- a/auth4genai/snippets/get-started/vercel-ai-node-js/async-auth.mdx +++ b/auth4genai/snippets/get-started/vercel-ai-node-js/async-auth.mdx @@ -52,11 +52,11 @@ STOCK_API_AUDIENCE=sample-stock-api #### 2. Require async authorization for your tool -To require asynchronous authorization for your tool wrap the tool with the Async authorizer, `withAsyncUserConfirmation()`. +To require asynchronous authorization for your tool wrap the tool with the Async authorizer, `withAsyncAuthorization()`. -Wrap the tool with the Async authorizer in `src/lib/tools/buy.ts`. This will intercept the tool call to initiate a CIBA request: +Wrap the tool with the Async authorizer in `src/lib/tools/buy.ts`. This will intercept the tool call to initiate an Async Authorization request: -- The CIBA request includes the user ID that will approve the request. +- The Async Authorization request includes the user ID that will approve the request. - Auth0 sends the user a mobile push notification. The AI agent polls the `/token` endpoint for a user response. - The mobile application retrieves the `binding_message` containing the consent details, in this case, the quantity of stock to purchase for a stock ticker. - The user responds to the request: @@ -80,7 +80,7 @@ import "dotenv/config"; import { tool } from "ai"; import { z } from "zod"; -import { Auth0AI, getCIBACredentials } from "@auth0/ai-vercel"; +import { Auth0AI, getAsyncAuthorizationCredentials } from "@auth0/ai-vercel"; import { AccessDeniedInterrupt } from "@auth0/ai/interrupts"; export type Context = { userId: string; @@ -90,7 +90,7 @@ const auth0AI = new Auth0AI(); export const buy = (context: Context) => { // highlight-next-line - const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({ + const withAsyncAuthorization = auth0AI.withAsyncAuthorization({ // highlight-next-line userID: context.userId, // highlight-next-line @@ -135,7 +135,7 @@ export const buy = (context: Context) => { qty: qty, }; // highlight-next-line - const credentials = getCIBACredentials(); + const credentials = getAsyncAuthorizationCredentials(); const accessToken = credentials?.accessToken?.value; if (accessToken) { diff --git a/auth4genai/snippets/get-started/vercel-ai-react-spa-js/call-others-api.mdx b/auth4genai/snippets/get-started/vercel-ai-react-spa-js/call-others-api.mdx index f5f998c49..5c201392a 100644 --- a/auth4genai/snippets/get-started/vercel-ai-react-spa-js/call-others-api.mdx +++ b/auth4genai/snippets/get-started/vercel-ai-react-spa-js/call-others-api.mdx @@ -88,21 +88,21 @@ PORT=3001 Unlike the Next.js example, which uses refresh tokens, this React SPA approach uses **access tokens** for token exchange with Token Vault. The SPA handles step-up authorization using Auth0 SPA SDK's `loginWithPopup()` method to display the consent screen and allow the user to grant additional permissions. -Create `client/src/components/FederatedConnectionPopup.tsx`: +Create `client/src/components/TokenVaultConsentPopup.tsx`: -```tsx client/src/components/FederatedConnectionPopup.tsx wrap lines +```tsx client/src/components/TokenVaultConsentPopup.tsx wrap lines import { getAuth0Client } from "../lib/auth0"; import { Button } from "./ui/button"; import { Card, CardContent, CardHeader, CardTitle } from "./ui/card"; import type { Auth0InterruptionUI } from "@auth0/ai-vercel/react"; -interface FederatedConnectionPopupProps { +interface TokenVaultConsentPopupProps { interrupt: Auth0InterruptionUI; } -export function FederatedConnectionPopup({ +export function TokenVaultConsentPopup({ interrupt, -}: FederatedConnectionPopupProps) { +}: TokenVaultConsentPopupProps) { const [isLoading, setIsLoading] = useState(false); const { connection, requiredScopes, resume } = interrupt; @@ -200,7 +200,7 @@ import { tool } from "ai"; import { google } from "googleapis"; import { z } from "zod"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; import type { ToolWrapper } from "@auth0/ai-vercel"; @@ -218,7 +218,7 @@ export const createListUserCalendarsTool = ( parameters: z.object({}), execute: async () => { // Get the access token from Token Vault using the enhanced SDK - const token = getAccessTokenForConnection(); + const token = getAccessTokenFromTokenVault(); const calendar = google.calendar("v3"); const auth = new google.auth.OAuth2(); @@ -268,7 +268,7 @@ export const createGoogleCalendarTool = (c: Context): ToolWrapper => { if (!accessToken) { throw new Error("Access token not available in auth context"); } - return auth0AI.withTokenForConnection({ + return auth0AI.withTokenVault({ accessToken: async () => accessToken, subjectTokenType: SUBJECT_TOKEN_TYPES.SUBJECT_TYPE_ACCESS_TOKEN, connection: process.env.GOOGLE_CONNECTION_NAME || "google-oauth2", @@ -356,7 +356,7 @@ export const app = new Hono().post("/chat", jwtAuthMiddleware(), async (c) => { // Handle Auth0 AI interrupts if ( error.cause instanceof Auth0Interrupt || - error.cause instanceof FederatedConnectionInterrupt + error.cause instanceof TokenVaultInterrupt ) { const serializableError = { ...error.cause.toJSON(), @@ -393,7 +393,7 @@ import { Loader2, Send, Trash2 } from "lucide-react"; import { useChat } from "@ai-sdk/react"; import { useInterruptions } from "@auth0/ai-vercel/react"; import { useAuth0 } from "../hooks/useAuth0"; -import { FederatedConnectionPopup } from "./FederatedConnectionPopup"; +import { TokenVaultConsentPopup } from "./TokenVaultConsentPopup"; import { Button } from "./ui/button"; import { Card, CardContent, CardHeader, CardTitle } from "./ui/card"; import { Input } from "./ui/input"; @@ -513,7 +513,7 @@ export function Chat() { {/* Step-Up Auth Interrupt Handling */} {toolInterrupt && ( - + )} {/* Input form */} diff --git a/auth4genai/snippets/how-tos/github/ai-sdk.mdx b/auth4genai/snippets/how-tos/github/ai-sdk.mdx index 7e19b69d5..3ae9828a3 100644 --- a/auth4genai/snippets/how-tos/github/ai-sdk.mdx +++ b/auth4genai/snippets/how-tos/github/ai-sdk.mdx @@ -14,7 +14,7 @@ import { auth0 } from "@/lib/auth0"; const auth0AI = new Auth0AI(); -export const withGitHub = auth0AI.withTokenForConnection({ +export const withGitHub = auth0AI.withTokenVault({ connection: "github", scopes: ["repo"], refreshToken: async () => { @@ -37,8 +37,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the GitHub A ```typescript ./src/lib/tools/listRepositories.ts wrap lines highlight={2-4,9,15,19-21,31-33} import { Octokit, RequestError } from "octokit"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGitHub } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -50,7 +50,7 @@ export const listRepositories = withGitHub( parameters: z.object({}), execute: async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // GitHub SDK try { @@ -66,8 +66,8 @@ export const listRepositories = withGitHub( if (error instanceof RequestError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -126,10 +126,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -139,8 +139,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { const { messages, handleSubmit, input, setInput, toolInterrupt } = @@ -159,8 +159,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - ({ threadID: getAgent().name })); const auth0AI = new Auth0AI(); -export const withGitHub = auth0AI.withTokenForConnection({ +export const withGitHub = auth0AI.withTokenVault({ connection: "github", scopes: ["repo"], refreshToken: async () => { @@ -52,8 +52,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Github A ```typescript ./src/agent/tools/listRepositories.ts wrap lines highlight={2-4,9,15,19-21,31-33} import { Octokit, RequestError } from "octokit"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGitHub } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -65,7 +65,7 @@ export const listRepositories = withGitHub( parameters: z.object({}), execute: async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // GitHub SDK try { @@ -81,8 +81,8 @@ export const listRepositories = withGitHub( if (error instanceof RequestError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -180,10 +180,10 @@ The name of the user is ${claims?.name ?? "unknown"}. #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Github and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Github and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -193,8 +193,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useAgentChatInterruptions } from "@auth0/ai-cloudflare/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { @@ -221,8 +221,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - { @@ -43,7 +43,7 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the GitHub A import { Octokit, RequestError } from "octokit"; import { z } from "zod"; import { getAccessTokenForConnection } from "@auth0/ai-genkit"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGoogleCalendar } from "@/lib/auth0-ai"; // importing GenKit instance @@ -58,7 +58,7 @@ export const listRepositories = ai.defineTool( }, async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); try { // GitHub SDK @@ -72,8 +72,8 @@ export const listRepositories = ai.defineTool( } catch (error) { if (error instanceof RequestError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -174,10 +174,10 @@ export async function GET( #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -186,8 +186,8 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { useQueryState } from "nuqs"; import { FormEventHandler, useEffect, useRef, useState } from "react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import Markdown from "react-markdown"; const useFocus = () => { @@ -304,14 +304,14 @@ export default function Chat() { {!isLoading && message.content[0].metadata?.interrupt && - FederatedConnectionInterrupt.isInterrupt( + TokenVaultInterrupt.isInterrupt( message.content[0].metadata?.interrupt ) ? (() => { const interrupt: any = message.content[0].metadata?.interrupt; return (
- submit({ interruptedToolRequest: message.content[0] })} interrupt={interrupt} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/github/langgraph-python.mdx b/auth4genai/snippets/how-tos/github/langgraph-python.mdx index 3388d5bac..97becad24 100644 --- a/auth4genai/snippets/how-tos/github/langgraph-python.mdx +++ b/auth4genai/snippets/how-tos/github/langgraph-python.mdx @@ -13,7 +13,7 @@ from auth0_ai_langchain.auth0_ai import Auth0AI auth0_ai = Auth0AI() -with_github = auth0_ai.with_federated_connection( +with_github = auth0_ai.with_token_vault( connection="github", scopes=["repo"] # Optional: By default, the SDK will expect the refresh token from @@ -32,7 +32,7 @@ from github import Github from github.GithubException import BadCredentialsException from pydantic import BaseModel from langchain_core.tools import StructuredTool -from auth0_ai_langchain.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_langchain.federated_connections import get_access_token_from_token_vault, TokenVaultError from src.lib.auth0_ai import with_github class EmptySchema(BaseModel): @@ -40,7 +40,7 @@ class EmptySchema(BaseModel): def list_repositories_tool_function(date: datetime): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # GitHub SDK try: @@ -50,7 +50,7 @@ def list_repositories_tool_function(date: datetime): repo_names = [repo.name for repo in repos] return repo_names except BadCredentialsException: - raise FederatedConnectionError("Authorization required to access the Federated Connection API") + raise TokenVaultError("Authorization required to access the Token Vault Connection API") list_github_repositories_tool = with_github(StructuredTool( name="list_github_repositories", @@ -98,7 +98,7 @@ workflow = ( "tools", ToolNode( [ - # a tool with federated connection access + # a tool with Token Vault access list_github_repositories_tool, # ... other tools ], @@ -167,18 +167,18 @@ You can check different authentication options for Next.js with Auth0 at the [of #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,62-74} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -237,9 +237,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/github/langgraph.mdx b/auth4genai/snippets/how-tos/github/langgraph.mdx index 6a21088c7..909b6e166 100644 --- a/auth4genai/snippets/how-tos/github/langgraph.mdx +++ b/auth4genai/snippets/how-tos/github/langgraph.mdx @@ -21,7 +21,7 @@ const auth0AI = new Auth0AI({ }); const withAccessTokenForConnection = (connection: string, scopes: string[]) => - auth0AI.withTokenForConnection({ + auth0AI.withTokenVault({ connection, scopes, accessToken: async (_, config) => { @@ -40,8 +40,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the GitHub A ```typescript ./src/lib/tools/listRepositories.ts wrap lines highlight={3-5,9,12,16-18,28-30} import { Octokit } from "@octokit/rest"; import { RequestError } from "@octokit/request-error"; -import { getAccessTokenForConnection } from "@auth0/ai-langchain"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-langchain"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGitHub } from "@/lib/auth0-ai"; import { tool } from "@langchain/core/tools"; import { z } from "zod"; @@ -49,7 +49,7 @@ import { z } from "zod"; export const listRepositories = withGitHub( tool(async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // GitHub SDK try { @@ -65,8 +65,8 @@ export const listRepositories = withGitHub( if (error instanceof RequestError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -291,18 +291,18 @@ export { auth as authHandler }; #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,62-74} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -361,9 +361,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/github/llamaindex-python.mdx b/auth4genai/snippets/how-tos/github/llamaindex-python.mdx index d20405916..c79492e31 100644 --- a/auth4genai/snippets/how-tos/github/llamaindex-python.mdx +++ b/auth4genai/snippets/how-tos/github/llamaindex-python.mdx @@ -14,7 +14,7 @@ from flask import session auth0_ai = Auth0AI() -with_github = auth0_ai.with_federated_connection( +with_github = auth0_ai.with_token_vault( connection="github", scopes=["repo"], refresh_token=lambda *_args, **_kwargs:session["user"]["refresh_token"], @@ -32,12 +32,12 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the GitHub A from github import Github from github.GithubException import BadCredentialsException from llama_index.core.tools import FunctionTool -from auth0_ai_llamaindex.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_llamaindex.token_vault import get_access_token_from_token_vault, TokenVaultError from src.lib.auth0_ai import with_github def list_github_repositories_tool_function(): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # GitHub SDK try: @@ -47,7 +47,7 @@ def list_github_repositories_tool_function(): repo_names = [repo.name for repo in repos] return repo_names except BadCredentialsException: - raise FederatedConnectionError("Authorization required to access the Federated Connection") + raise TokenVaultError("Authorization required to access the Token Vault Connection") list_github_repositories_tool = with_github(FunctionTool.from_defaults( name="list_github_repositories", @@ -70,7 +70,7 @@ system_prompt = f"""You are an assistant designed to answer random user's questi agent = OpenAIAgent.from_tools( tools=[ - # a tool with federated connection access + # a tool with Token Vault access list_github_repositories_tool # ... other tools ], @@ -88,14 +88,14 @@ Interrupts are a way for the system to pause execution and prompt the user to ta On the server side of your Flask application you will need to set up a route to handle the Chat API requests. This route will be responsible for forwarding the requests to the OpenAI API utilizing LlamaIndex's SDK, that has been initialized with Auth0 AI's protection enhancements for tools. -When `FederatedConnectionInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. +When `TokenVaultInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. ```python ./src/app.py wrap lines highlight={3-5,19-20} from dotenv import load_dotenv from flask import Flask, request, jsonify, session from auth0_ai_llamaindex.auth0_ai import Auth0AI -from auth0_ai_llamaindex.federated_connections import FederatedConnectionInterrupt +from auth0_ai_llamaindex.token_vault import TokenVaultInterrupt from src.lib.agent import agent load_dotenv() @@ -110,7 +110,7 @@ async def chat(): message = request.json.get("message") response = agent.achat(message) return jsonify({"response": str(response)}) - except FederatedConnectionInterrupt as e: + except TokenVaultInterrupt as e: return jsonify({"error": str(e.to_json())}), 403 except Exception as e: return jsonify({"error": str(e)}), 500 diff --git a/auth4genai/snippets/how-tos/github/llamaindex.mdx b/auth4genai/snippets/how-tos/github/llamaindex.mdx index f25ebff31..17a670556 100644 --- a/auth4genai/snippets/how-tos/github/llamaindex.mdx +++ b/auth4genai/snippets/how-tos/github/llamaindex.mdx @@ -14,7 +14,7 @@ import { auth0 } from "@/lib/auth0"; const auth0AI = new Auth0AI(); -export const withGitHub = auth0AI.withTokenForConnection({ +export const withGitHub = auth0AI.withTokenVault({ connection: "github", scopes: ["repo"], refreshToken: async () => { @@ -38,8 +38,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the GitHub A import { Octokit, RequestError } from "octokit"; import { z } from "zod"; import { withGitHub } from "@/lib/auth0-ai"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { tool } from "llamaindex"; export const listRepositories = () => @@ -47,7 +47,7 @@ export const listRepositories = () => tool( async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // GitHub SDK try { @@ -61,8 +61,8 @@ export const listRepositories = () => } catch (error) { if (error instanceof RequestError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -132,10 +132,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -144,9 +144,9 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { generateId } from "ai"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import { useChat } from "@ai-sdk/react"; export default function Chat() { @@ -169,8 +169,8 @@ export default function Chat() { {message.parts && message.parts.length > 0 && (
{toolInterrupt?.toolCall.id.includes(message.id) && - FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - { @@ -40,8 +40,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Google C import { addHours, formatISO } from "date-fns"; import { GaxiosError } from "gaxios"; import { google } from "googleapis"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGoogleCalendar } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -55,7 +55,7 @@ export const checkUsersCalendar = withGoogleCalendar( }), execute: async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Google SDK try { @@ -82,8 +82,8 @@ export const checkUsersCalendar = withGoogleCalendar( } catch (error) { if (error instanceof GaxiosError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -142,10 +142,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -155,8 +155,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { const { messages, handleSubmit, input, setInput, toolInterrupt } = @@ -175,8 +175,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - ({ threadID: getAgent().name })); const auth0AI = new Auth0AI(); -export const withGoogleCalendar = auth0AI.withTokenForConnection({ +export const withGoogleCalendar = auth0AI.withTokenVault({ connection: "google-oauth2", scopes: ["https://www.googleapis.com/auth/calendar.freebusy"], refreshToken: async () => { @@ -52,8 +52,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Google C import { addHours, formatISO } from "date-fns"; import { GaxiosError } from "gaxios"; import { google } from "googleapis"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGoogleCalendar } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -67,7 +67,7 @@ export const checkUsersCalendar = withGoogleCalendar( }), execute: async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Google SDK try { @@ -94,8 +94,8 @@ export const checkUsersCalendar = withGoogleCalendar( } catch (error) { if (error instanceof GaxiosError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -193,10 +193,10 @@ The name of the user is ${claims?.name ?? "unknown"}. #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -206,8 +206,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useAgentChatInterruptions } from "@auth0/ai-cloudflare/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { @@ -234,8 +234,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - { @@ -42,7 +42,7 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Google C import { addHours } from "date-fns"; import { z } from "zod"; import { getAccessTokenForConnection } from "@auth0/ai-genkit"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGoogleCalendar } from "@/lib/auth0-ai"; // importing GenKit instance @@ -62,7 +62,7 @@ export const checkUsersCalendar = ai.defineTool( }, async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Google SDK try { @@ -89,8 +89,8 @@ export const checkUsersCalendar = ai.defineTool( } catch (error) { if (error instanceof GaxiosError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -191,10 +191,10 @@ export async function GET( #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -203,8 +203,8 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { useQueryState } from "nuqs"; import { FormEventHandler, useEffect, useRef, useState } from "react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import Markdown from "react-markdown"; const useFocus = () => { @@ -321,14 +321,14 @@ export default function Chat() { {!isLoading && message.content[0].metadata?.interrupt && - FederatedConnectionInterrupt.isInterrupt( + TokenVaultInterrupt.isInterrupt( message.content[0].metadata?.interrupt ) ? (() => { const interrupt: any = message.content[0].metadata?.interrupt; return (
- submit({ interruptedToolRequest: message.content[0] })} interrupt={interrupt} connectWidget={{ @@ -350,4 +350,4 @@ export default function Chat() {
); } -``` \ No newline at end of file +``` diff --git a/auth4genai/snippets/how-tos/google-calendar/langgraph-python.mdx b/auth4genai/snippets/how-tos/google-calendar/langgraph-python.mdx index 26b9cc271..5b71a171b 100644 --- a/auth4genai/snippets/how-tos/google-calendar/langgraph-python.mdx +++ b/auth4genai/snippets/how-tos/google-calendar/langgraph-python.mdx @@ -13,7 +13,7 @@ from auth0_ai_langchain.auth0_ai import Auth0AI auth0_ai = Auth0AI() -with_google = auth0_ai.with_federated_connection( +with_google = auth0_ai.with_token_vault( connection="google-oauth2", scopes=["https://www.googleapis.com/auth/calendar.freebusy"] # Optional: By default, the SDK will expect the refresh token from @@ -34,7 +34,7 @@ from googleapiclient.discovery import build from google.oauth2.credentials import Credentials from pydantic import BaseModel from langchain_core.tools import StructuredTool -from auth0_ai_langchain.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_langchain.federated_connections import get_access_token_from_token_vault, TokenVaultError from lib.auth0_ai import with_google class CheckUserCalendarSchema(BaseModel): @@ -42,7 +42,7 @@ class CheckUserCalendarSchema(BaseModel): def check_user_calendar_tool_function(date: datetime): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # Google SDK try: @@ -61,7 +61,7 @@ def check_user_calendar_tool_function(date: datetime): return {"available": len(busy_times) == 0} except HttpError as e: if e.resp.status == 401: - raise FederatedConnectionError("Authorization required to access the Federated Connection API") + raise TokenVaultError("Authorization required to access the Token Vault Connection API") raise ValueError(f"Invalid response from Google Calendar API: {response.status_code} - {response.text}") @@ -111,7 +111,7 @@ workflow = ( "tools", ToolNode( [ - # a tool with federated connection access + # a tool with Token Vault access check_user_calendar_tool, # ... other tools ], @@ -180,18 +180,18 @@ You can check different authentication options for Next.js with Auth0 at the [of #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,62-74} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -250,9 +250,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/google-calendar/langgraph.mdx b/auth4genai/snippets/how-tos/google-calendar/langgraph.mdx index e61f26c12..f412c46ff 100644 --- a/auth4genai/snippets/how-tos/google-calendar/langgraph.mdx +++ b/auth4genai/snippets/how-tos/google-calendar/langgraph.mdx @@ -21,7 +21,7 @@ const auth0AI = new Auth0AI({ }); const withAccessTokenForConnection = (connection: string, scopes: string[]) => - auth0AI.withTokenForConnection({ + auth0AI.withTokenVault({ connection, scopes, accessToken: async (_, config) => { @@ -44,8 +44,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Google C import { addHours, formatISO } from "date-fns"; import { GaxiosError } from "gaxios"; import { google } from "googleapis"; -import { getAccessTokenForConnection } from "@auth0/ai-langchain"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-langchain"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withGoogleCalendar } from "@/lib/auth0-ai"; import { tool } from "@langchain/core/tools"; import { z } from "zod"; @@ -53,7 +53,7 @@ import { z } from "zod"; export const checkUsersCalendar = withGoogleCalendar( tool(async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Google SDK try { @@ -79,8 +79,8 @@ export const checkUsersCalendar = withGoogleCalendar( }; } catch (err) { if (err instanceof GaxiosError && err.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } throw err; @@ -304,18 +304,18 @@ export { auth as authHandler }; #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,63-73} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -374,9 +374,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/google-calendar/llamaindex-python.mdx b/auth4genai/snippets/how-tos/google-calendar/llamaindex-python.mdx index a4394f9ff..8ea7f8bad 100644 --- a/auth4genai/snippets/how-tos/google-calendar/llamaindex-python.mdx +++ b/auth4genai/snippets/how-tos/google-calendar/llamaindex-python.mdx @@ -14,7 +14,7 @@ from flask import session auth0_ai = Auth0AI() -with_google = auth0_ai.with_federated_connection( +with_google = auth0_ai.with_token_vault( connection="google-oauth2", scopes=["https://www.googleapis.com/auth/calendar.freebusy"], refresh_token=lambda *_args, **_kwargs:session["user"]["refresh_token"], @@ -35,14 +35,14 @@ from googleapiclient.discovery import build from google.oauth2.credentials import Credentials from typing import Annotated from llama_index.core.tools import FunctionTool -from auth0_ai_llamaindex.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_llamaindex.token_vault import get_access_token_from_token_vault, TokenVaultError from src.lib.auth0_ai import with_google def check_user_calendar_tool_function( date: Annotated[str, "Date and time in ISO 8601 format."] ): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # Google SDK try: @@ -61,7 +61,7 @@ def check_user_calendar_tool_function( return {"available": len(busy_times) == 0} except HttpError as e: if e.resp.status == 401: - raise FederatedConnectionError("Authorization required to access the Federated Connection API") + raise TokenVaultError("Authorization required to access the Token Vault Connection API") raise ValueError(f"Invalid response from Google Calendar API: {response.status_code} - {response.text}") @@ -86,7 +86,7 @@ system_prompt = f"""You are an assistant designed to answer random user's questi agent = OpenAIAgent.from_tools( tools=[ - # a tool with federated connection access + # a tool with Token Vault access check_user_calendar_tool # ... other tools ], @@ -104,14 +104,14 @@ Interrupts are a way for the system to pause execution and prompt the user to ta On the server side of your Flask application you will need to set up a route to handle the Chat API requests. This route will be responsible for forwarding the requests to the OpenAI API utilizing LlamaIndex's SDK, that has been initialized with Auth0 AI's protection enhancements for tools. -When `FederatedConnectionInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. +When `TokenVaultInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. ```python ./src/app.py wrap lines highlight={3-5,19-20} from dotenv import load_dotenv from flask import Flask, request, jsonify, session from auth0_ai_llamaindex.auth0_ai import Auth0AI -from auth0_ai_llamaindex.federated_connections import FederatedConnectionInterrupt +from auth0_ai_llamaindex.token_vault import TokenVaultInterrupt from src.lib.agent import agent load_dotenv() @@ -126,7 +126,7 @@ async def chat(): message = request.json.get("message") response = agent.achat(message) return jsonify({"response": str(response)}) - except FederatedConnectionInterrupt as e: + except TokenVaultInterrupt as e: return jsonify({"error": str(e.to_json())}), 403 except Exception as e: return jsonify({"error": str(e)}), 500 diff --git a/auth4genai/snippets/how-tos/google-calendar/llamaindex.mdx b/auth4genai/snippets/how-tos/google-calendar/llamaindex.mdx index 6fa468fd6..fe8ab0ddb 100644 --- a/auth4genai/snippets/how-tos/google-calendar/llamaindex.mdx +++ b/auth4genai/snippets/how-tos/google-calendar/llamaindex.mdx @@ -14,7 +14,7 @@ import { auth0 } from "@/lib/auth0"; const auth0AI = new Auth0AI(); -export const withGoogleCalendar = auth0AI.withTokenForConnection({ +export const withGoogleCalendar = auth0AI.withTokenVault({ connection: "google-oauth2", scopes: ["https://www.googleapis.com/auth/calendar.freebusy"], refreshToken: async () => { @@ -41,7 +41,7 @@ import { google } from "googleapis"; import { tool } from "llamaindex"; import { withGoogleCalendar } from "@/lib/auth0-ai"; import { getAccessTokenForConnection } from "@auth0/ai-llamaindex"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { z } from "zod"; export const checkUsersCalendar = () => @@ -49,7 +49,7 @@ export const checkUsersCalendar = () => tool( async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Google SDK try { @@ -76,8 +76,8 @@ export const checkUsersCalendar = () => } catch (error) { if (error instanceof GaxiosError) { if (error.status === 401) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -150,10 +150,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -162,9 +162,9 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { generateId } from "ai"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import { useChat } from "@ai-sdk/react"; export default function Chat() { @@ -187,8 +187,8 @@ export default function Chat() { {message.parts && message.parts.length > 0 && (
{toolInterrupt?.toolCall.id.includes(message.id) && - FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - { @@ -36,8 +36,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Slack AP ```typescript ./src/lib/tools/listChannels.ts wrap lines highlight={2-4,8,14,18,30-32} import { ErrorCode, WebClient } from "@slack/web-api"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withSlack } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -48,7 +48,7 @@ export const listChannels = withSlack( parameters: z.object({}), execute: async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Slack SDK try { @@ -64,8 +64,8 @@ export const listChannels = withSlack( } catch (error) { if (error && typeof error === "object" && "code" in error) { if (error.code === ErrorCode.HTTPError) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -124,10 +124,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -137,8 +137,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { const { messages, handleSubmit, input, setInput, toolInterrupt } = @@ -157,8 +157,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - ({ threadID: getAgent().name })); const auth0AI = new Auth0AI(); -export const withSlack = auth0AI.withTokenForConnection({ +export const withSlack = auth0AI.withTokenVault({ connection: "sign-in-with-slack", scopes: ["channels:read", "groups:read"], refreshToken: async () => { @@ -50,8 +50,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Slack AP ```typescript ./src/agent/tools/listRepositories.ts wrap lines highlight={2-4,8,14,18,30-32} import { ErrorCode, WebClient } from "@slack/web-api"; -import { getAccessTokenForConnection } from "@auth0/ai-vercel"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-vercel"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withSlack } from "@/lib/auth0-ai"; import { tool } from "ai"; import { z } from "zod"; @@ -62,7 +62,7 @@ export const listChannels = withSlack( parameters: z.object({}), execute: async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Slack SDK try { @@ -78,8 +78,8 @@ export const listChannels = withSlack( } catch (error) { if (error && typeof error === "object" && "code" in error) { if (error.code === ErrorCode.HTTPError) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -177,10 +177,10 @@ The name of the user is ${claims?.name ?? "unknown"}. #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Github and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Github and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -190,8 +190,8 @@ Then, you can integrate the authentication popup in your chat component, using t import { useChat } from "@ai-sdk/react"; import { useAgentChatInterruptions } from "@auth0/ai-cloudflare/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; export default function Chat() { @@ -218,8 +218,8 @@ export default function Chat() {
))} - {FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - { @@ -41,7 +41,7 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Slack AP ```typescript ./src/lib/tools/listChannels.ts wrap lines highlight={2-4,11,18,22,34-36} import { z } from "zod"; import { getAccessTokenForConnection } from "@auth0/ai-genkit"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withSlack } from "@/lib/auth0-ai"; import { ErrorCode, WebClient } from "@slack/web-api"; @@ -56,7 +56,7 @@ export const listChannels = ai.defineTool( name: "listChannels", }, async () => { - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); try { // Slack SDK @@ -72,8 +72,8 @@ export const listChannels = ai.defineTool( } catch (error) { if (error && typeof error === "object" && "code" in error) { if (error.code === ErrorCode.HTTPError) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -174,10 +174,10 @@ export async function GET( #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Google Calendar and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -186,8 +186,8 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { useQueryState } from "nuqs"; import { FormEventHandler, useEffect, useRef, useState } from "react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import Markdown from "react-markdown"; const useFocus = () => { @@ -304,14 +304,14 @@ export default function Chat() { {!isLoading && message.content[0].metadata?.interrupt && - FederatedConnectionInterrupt.isInterrupt( + TokenVaultInterrupt.isInterrupt( message.content[0].metadata?.interrupt ) ? (() => { const interrupt: any = message.content[0].metadata?.interrupt; return (
- submit({ interruptedToolRequest: message.content[0] })} interrupt={interrupt} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/slack/langgraph-python.mdx b/auth4genai/snippets/how-tos/slack/langgraph-python.mdx index 92aa3aa12..b19d32516 100644 --- a/auth4genai/snippets/how-tos/slack/langgraph-python.mdx +++ b/auth4genai/snippets/how-tos/slack/langgraph-python.mdx @@ -13,7 +13,7 @@ from auth0_ai_langchain.auth0_ai import Auth0AI auth0_ai = Auth0AI() -with_slack = auth0_ai.with_federated_connection( +with_slack = auth0_ai.with_token_vault( connection="sign-in-with-slack", scopes=["channels:read groups:read"], # Optional: By default, the SDK will expect the refresh token from @@ -32,7 +32,7 @@ from slack_sdk import WebClient from slack_sdk.errors import SlackApiError from pydantic import BaseModel from langchain_core.tools import StructuredTool -from auth0_ai_langchain.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_langchain.federated_connections import get_access_token_from_token_vault, TokenVaultError from lib.auth0_ai import with_slack class EmptySchema(BaseModel): @@ -40,7 +40,7 @@ class EmptySchema(BaseModel): def list_channels_tool_function(date: datetime): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # Slack SDK try: @@ -55,7 +55,7 @@ def list_channels_tool_function(date: datetime): return channel_names except SlackApiError as e: if e.response['error'] == 'not_authed': - raise FederatedConnectionError("Authorization required to access the Federated Connection API") + raise TokenVaultError("Authorization required to access the Token Vault Connection API") raise ValueError(f"An error occurred: {e.response['error']}") @@ -105,7 +105,7 @@ workflow = ( "tools", ToolNode( [ - # a tool with federated connection access + # a tool with Token Vault access list_slack_channels_tool, # ... other tools ], @@ -174,18 +174,18 @@ You can check different authentication options for Next.js with Auth0 at the [of #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,62-74} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -244,9 +244,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/slack/langgraph.mdx b/auth4genai/snippets/how-tos/slack/langgraph.mdx index e3c227660..678f05bbd 100644 --- a/auth4genai/snippets/how-tos/slack/langgraph.mdx +++ b/auth4genai/snippets/how-tos/slack/langgraph.mdx @@ -21,7 +21,7 @@ const auth0AI = new Auth0AI({ }); const withAccessTokenForConnection = (connection: string, scopes: string[]) => - auth0AI.withTokenForConnection({ + auth0AI.withTokenVault({ connection, scopes, accessToken: async (_, config) => { @@ -31,7 +31,7 @@ const withAccessTokenForConnection = (connection: string, scopes: string[]) => }); export const withSlack = withAccessTokenForConnection("sign-in-with-slack", ["channels:read", "groups:read"]); - + ``` ### 2. Integrate your tool with Slack @@ -40,8 +40,8 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Slack AP ```typescript ./src/lib/tools/listChannels.ts wrap lines highlight={2-4,8,11,15,27-29} import { ErrorCode, WebClient } from "@slack/web-api"; -import { getAccessTokenForConnection } from "@auth0/ai-langchain"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { getAccessTokenFromTokenVault } from "@auth0/ai-langchain"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { withSlack } from "@/lib/auth0-ai"; import { tool } from "@langchain/core/tools"; import { z } from "zod"; @@ -49,7 +49,7 @@ import { z } from "zod"; export const listChannels = withSlack( tool(async ({ date }) => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Slack SDK try { @@ -65,8 +65,8 @@ export const listChannels = withSlack( } catch (error) { if (error && typeof error === "object" && "code" in error) { if (error.code === ErrorCode.HTTPError) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -291,18 +291,18 @@ export { auth as authHandler }; #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with Slack and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: ```tsx ./src/components/chat.tsx wrap lines highlight={2-3,62-74} import { useStream } from "@langchain/langgraph-sdk/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; const useFocus = () => { const htmlElRef = useRef(null); @@ -361,9 +361,9 @@ export default function Chat() {
))} - {thread.interrupt && FederatedConnectionInterrupt.isInterrupt(thread.interrupt.value) ? ( + {thread.interrupt && TokenVaultInterrupt.isInterrupt(thread.interrupt.value) ? (
- thread.submit(null)} connectWidget={{ diff --git a/auth4genai/snippets/how-tos/slack/llamaindex-python.mdx b/auth4genai/snippets/how-tos/slack/llamaindex-python.mdx index fe9dd7b82..a3fb3ef71 100644 --- a/auth4genai/snippets/how-tos/slack/llamaindex-python.mdx +++ b/auth4genai/snippets/how-tos/slack/llamaindex-python.mdx @@ -14,7 +14,7 @@ from flask import session auth0_ai = Auth0AI() -with_slack = auth0_ai.with_federated_connection( +with_slack = auth0_ai.with_token_vault( connection="sign-in-with-slack", scopes=["channels:read groups:read"], refresh_token=lambda *_args, **_kwargs:session["user"]["refresh_token"], @@ -32,12 +32,12 @@ Wrap your tool using the Auth0 AI SDK to obtain an access token for the Slack AP from slack_sdk import WebClient from slack_sdk.errors import SlackApiError from llama_index.core.tools import FunctionTool -from auth0_ai_llamaindex.federated_connections import get_access_token_for_connection, FederatedConnectionError +from auth0_ai_llamaindex.token_vault import get_access_token_from_token_vault, TokenVaultError from src.lib.auth0_ai import with_slack def list_slack_channels_tool_function(): # Get the access token from Auth0 AI - access_token = get_access_token_for_connection() + access_token = get_access_token_from_token_vault() # Slack SDK try: @@ -52,7 +52,7 @@ def list_slack_channels_tool_function(): return channel_names except SlackApiError as e: if e.response['error'] == 'not_authed': - raise FederatedConnectionError("Authorization required to access the Federated Connection API") + raise TokenVaultError("Authorization required to access the Token Vault Connection API") raise ValueError(f"An error occurred: {e.response['error']}") @@ -77,7 +77,7 @@ system_prompt = f"""You are an assistant designed to answer random user's questi agent = OpenAIAgent.from_tools( tools=[ - # a tool with federated connection access + # a tool with Token Vault access list_slack_channels_tool # ... other tools ], @@ -95,14 +95,14 @@ Interrupts are a way for the system to pause execution and prompt the user to ta On the server side of your Flask application you will need to set up a route to handle the Chat API requests. This route will be responsible for forwarding the requests to the OpenAI API utilizing LlamaIndex's SDK, that has been initialized with Auth0 AI's protection enhancements for tools. -When `FederatedConnectionInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. +When `TokenVaultInterrupt` error ocurrs, the server side will signal the front-end about the level access restrictions, and the front-end should prompt the user to trigger a new authorization (or login) request with the necessary permissions. ```python ./src/app.py wrap lines highlight={3-5,19-20} from dotenv import load_dotenv from flask import Flask, request, jsonify, session from auth0_ai_llamaindex.auth0_ai import Auth0AI -from auth0_ai_llamaindex.federated_connections import FederatedConnectionInterrupt +from auth0_ai_llamaindex.token_vault import TokenVaultInterrupt from src.lib.agent import agent load_dotenv() @@ -117,7 +117,7 @@ async def chat(): message = request.json.get("message") response = agent.achat(message) return jsonify({"response": str(response)}) - except FederatedConnectionInterrupt as e: + except TokenVaultInterrupt as e: return jsonify({"error": str(e.to_json())}), 403 except Exception as e: return jsonify({"error": str(e)}), 500 diff --git a/auth4genai/snippets/how-tos/slack/llamaindex.mdx b/auth4genai/snippets/how-tos/slack/llamaindex.mdx index 65095e0ec..3cdd5f32e 100644 --- a/auth4genai/snippets/how-tos/slack/llamaindex.mdx +++ b/auth4genai/snippets/how-tos/slack/llamaindex.mdx @@ -14,7 +14,7 @@ import { auth0 } from "@/lib/auth0"; const auth0AI = new Auth0AI(); -export const withSlack = auth0AI.withTokenForConnection({ +export const withSlack = auth0AI.withTokenVault({ connection: "sign-in-with-slack", scopes: ["channels:read", "groups:read"], refreshToken: async () => { @@ -39,7 +39,7 @@ import { tool } from "llamaindex"; import { z } from "zod"; import { withSlack } from "@/lib/auth0-ai"; import { getAccessTokenForConnection } from "@auth0/ai-llamaindex"; -import { FederatedConnectionError } from "@auth0/ai/interrupts"; +import { TokenVaultError } from "@auth0/ai/interrupts"; import { ErrorCode, WebClient } from "@slack/web-api"; export const listChannels = () => @@ -47,7 +47,7 @@ export const listChannels = () => tool( async () => { // Get the access token from Auth0 AI - const accessToken = getAccessTokenForConnection(); + const accessToken = getAccessTokenFromTokenVault(); // Slack SDK try { @@ -67,8 +67,8 @@ export const listChannels = () => } catch (error) { if (error && typeof error === "object" && "code" in error) { if (error.code === ErrorCode.HTTPError) { - throw new FederatedConnectionError( - `Authorization required to access the Federated Connection` + throw new TokenVaultError( + `Authorization required to access the Token Vault Connection` ); } } @@ -138,10 +138,10 @@ export async function POST(request: Request) { #### Client Side -On this example we utilize the `EnsureAPIAccessPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: +On this example we utilize the `TokenVaultConsentPopup` component to show a popup that allows the user to authenticate with GitHub and grant access with the requested scopes. You'll first need to install the `@auth0/ai-components` package: ```bash wrap lines -npx @auth0/ai-components add FederatedConnections +npx @auth0/ai-components add TokenVault ``` Then, you can integrate the authentication popup in your chat component, using the interruptions helper from the SDK: @@ -150,9 +150,9 @@ Then, you can integrate the authentication popup in your chat component, using t "use client"; import { generateId } from "ai"; -import { EnsureAPIAccessPopup } from "@/components/auth0-ai/FederatedConnections/popup"; +import { TokenVaultConsentPopup } from "@/components/auth0-ai/TokenVault/popup"; import { useInterruptions } from "@auth0/ai-vercel/react"; -import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts"; +import { TokenVaultInterrupt } from "@auth0/ai/interrupts"; import { useChat } from "@ai-sdk/react"; export default function Chat() { @@ -175,8 +175,8 @@ export default function Chat() { {message.parts && message.parts.length > 0 && (
{toolInterrupt?.toolCall.id.includes(message.id) && - FederatedConnectionInterrupt.isInterrupt(toolInterrupt) && ( - {`const auth0AI = new Auth0AI(); -export const ${jsVariableName} = auth0AI.withTokenForConnection({ +export const ${jsVariableName} = auth0AI.withTokenVault({ connection: "${connectionName}", scopes: [${formatScopes(scopes)}, ...], refreshToken: getAuth0RefreshToken(), @@ -28,7 +28,7 @@ export const ${jsVariableName} = auth0AI.withTokenForConnection({ {`auth0_ai = Auth0AI() -${pythonVariableName} = auth0_ai.with_federated_connection( +${pythonVariableName} = auth0_ai.with_token_vault( connection="${connectionName}", scopes=[${formatScopes(scopes)}, ...], refresh_token=get_auth0_refresh_token, diff --git a/auth4genai/snippets/integrations/learn-more.mdx b/auth4genai/snippets/integrations/learn-more.mdx index c9c65d3ab..949d31a05 100644 --- a/auth4genai/snippets/integrations/learn-more.mdx +++ b/auth4genai/snippets/integrations/learn-more.mdx @@ -4,5 +4,5 @@ If you want to use more than one connection for a user, you can link their accou ## Learn more -- Auth0's [Token Vault](https://auth0.com/docs/secure/tokens/token-vault) organizes the access and refresh tokens of federated connections in secure tokensets. Applications can then access the Token Vault to retrieve access tokens to call third-party APIs. To learn more, read [Configure Token Vault](https://auth0.com/docs/secure/tokens/token-vault/configure-token-vault). +- Auth0's [Token Vault](https://auth0.com/docs/secure/tokens/token-vault) organizes the access and refresh tokens of third-party connections in secure tokensets. Applications can then access the Token Vault to retrieve access tokens to call third-party APIs. To learn more, read [Configure Token Vault](https://auth0.com/docs/secure/tokens/token-vault/configure-token-vault). - Learn how to get an access token to make a tool call by completing the [Call other's APIs on user's behalf quickstart](/get-started/call-others-apis-on-users-behalf). diff --git a/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authentication-with-ciba.mdx b/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authentication-with-ciba.mdx index a230dfedb..c3b9386c2 100644 --- a/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authentication-with-ciba.mdx +++ b/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authentication-with-ciba.mdx @@ -44,11 +44,11 @@ If you have set diff --git a/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba.mdx b/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba.mdx index ea2957681..de4cf8c0d 100644 --- a/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba.mdx +++ b/main/docs/get-started/authentication-and-authorization-flow/client-initiated-backchannel-authentication-flow/user-authorization-with-ciba.mdx @@ -56,11 +56,11 @@ If you have set resource server, which includes registering your `authorization_details` types. -### Step 1: Client application initiates a CIBA request +### Step 1: Client application initiates an Async Authorization request -Use the [User Search APIs](/docs/manage-users/user-search) to find the authorizing user for whom you’d like to initiate a CIBA request and obtain their user ID. +Use the [User Search APIs](/docs/manage-users/user-search) to find the authorizing user for whom you’d like to initiate an Async Authorization request and obtain their user ID. -Once you have a user ID for the authorizing user, use the [Authentication API](https://auth0.com/docs/api/authentication/login/start-back-channel-login) to send a CIBA request with the `authorization_details` to the `/bc-authorize` endpoint: +Once you have a user ID for the authorizing user, use the [Authentication API](https://auth0.com/docs/api/authentication/login/start-back-channel-login) to send an Async Authorization request with the `authorization_details` to the `/bc-authorize` endpoint: ```bash lines curl --location 'https://$tenant/bc-authorize' \ diff --git a/main/docs/secure/tokens/token-vault.mdx b/main/docs/secure/tokens/token-vault.mdx index 1d1ecc23c..59f48ce7f 100644 --- a/main/docs/secure/tokens/token-vault.mdx +++ b/main/docs/secure/tokens/token-vault.mdx @@ -1,25 +1,25 @@ --- -description: Learn how Token Vault securely stores federated access and refresh - tokens. +description: Learn how Token Vault securely stores third-party access and refresh +tokens. 'og:image': https://cdn2.auth0.com/docs/1.14553.0/img/share-image.png 'og:title': Token Vault 'og:url': https://auth0.com/docs/ permalink: token-vault sidebarTitle: Overview title: Token Vault -'twitter:description': Learn how Token Vault securely stores federated access and - refresh tokens. +'twitter:description': Learn how Token Vault securely stores third-party access and +refresh tokens. 'twitter:title': Token Vault --- -Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative. + Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative. Token Vault enables your applications to securely access third-party APIs on the user's behalf. There is no need to manage refresh tokens or build custom integrations per provider—Auth0 handles it all for you. You gain access to a wide range of external providers’ APIs and services, all through a single Auth0 integration. -When a user authenticates with a supported external provider and uses OAuth scopes to authorize access, Auth0 stores the access and refresh tokens for that connection in the Token Vault. Token Vault organizes the federated tokens issued by external providers into tokensets, with one tokenset per authorized connection. +When a user authenticates with a supported external provider and uses OAuth scopes to authorize access, Auth0 stores the access and refresh tokens for that connection in the Token Vault. Token Vault organizes the third-party tokens issued by external providers into tokensets, with one tokenset per authorized connection. You can then call the external provider's APIs using these stored credentials via Auth0 to get a user’s Google Calendar events, access GitHub repos, create a Microsoft Word document, and more. @@ -35,12 +35,12 @@ For Early Access, Auth0 supports Token Vault for the following social and enterp ## How it works -When a user authenticates with a supported external provider and authorizes the federated connection: +When a user authenticates with a supported external provider and authorizes the third-party connection: 1. Auth0 obtains access tokens using OAuth 2.0 scopes to control access. Users explicitly approve requested permissions. -2. Auth0 securely stores federated access and refresh tokens in the Token Vault. +2. Auth0 securely stores third-party access and refresh tokens in the Token Vault. 3. The application [links user accounts](/docs/manage-users/user-accounts/user-account-linking) with the user's consent. As a result, the user won’t have to create separate accounts for each external provider. -4. Your application calls Auth0 to exchange a valid Auth0 refresh token with an access token for a federated connection. Your application can perform this exchange multiple times while Auth0 manages refreshing the federated access tokens stored in the Token Vault. Using a federated access token, your application can call third-party APIs on the user’s behalf. +4. Your application calls Auth0 to exchange a valid Auth0 refresh token with an access token for a third-party connection. Your application can perform this exchange multiple times while Auth0 manages refreshing the third-party access tokens stored in the Token Vault. Using a third-party access token, your application can call third-party APIs on the user’s behalf. Token Vault allows for seamless federated identity and simplifies integration across multiple external providers via a single Auth0 interface. @@ -57,18 +57,18 @@ To get started with Token Vault, read the following: - - + + - - - - - - - - - - + + + + + + + + + +
Read…To learn…Read…To learn…
Configure Token VaultHow to configure the Token Vault.
Call APIs with Token VaultHow an application accesses the Token Vault to get an access token to call third-party APIs.
Configure Token VaultHow to configure the Token Vault.
Call APIs with Token VaultHow an application accesses the Token Vault to get an access token to call third-party APIs.
\ No newline at end of file diff --git a/main/docs/secure/tokens/token-vault/call-apis-with-token-vault.mdx b/main/docs/secure/tokens/token-vault/call-apis-with-token-vault.mdx index e3996600d..2df5cae33 100644 --- a/main/docs/secure/tokens/token-vault/call-apis-with-token-vault.mdx +++ b/main/docs/secure/tokens/token-vault/call-apis-with-token-vault.mdx @@ -1,22 +1,22 @@ --- description: Learn how an application can access the Token Vault to get an access - token to call third-party APIs. +token to call third-party APIs. 'og:image': https://cdn2.auth0.com/docs/1.14553.0/img/share-image.png 'og:title': Call APIs with Token Vault 'og:url': https://auth0.com/docs/ permalink: call-apis-with-token-vault title: Call APIs with Token Vault 'twitter:description': Learn how an application can access the Token Vault to get - an access token to call third-party APIs. +an access token to call third-party APIs. 'twitter:title': Call APIs with Token Vault --- -Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative. + Token Vault is currently available in Early Access for public cloud tenants. To enable Token Vault, contact your Auth0 representative. -Token Vault organizes federated access and refresh tokens issued by external providers into tokensets, with one tokenset per authorized connection. Applications can access the Token Vault when they exchange a valid Auth0 refresh token for a federated access token stored in the tokenset. This enables applications to request federated access tokens without the user having to re-authorize the connection. Using the federated access token, the application can call third-party APIs on the user’s behalf. +Token Vault organizes third-party access and refresh tokens issued by external providers into tokensets, with one tokenset per authorized connection. Applications can access the Token Vault when they exchange a valid Auth0 refresh token for a third-party access token stored in the tokenset. This enables applications to request third-party access tokens without the user having to re-authorize the connection. Using the third-party access token, the application can call third-party APIs on the user’s behalf. Let’s walk through a real-world example: A user wants to schedule a meeting in their Google Calendar using a productivity app. @@ -34,24 +34,24 @@ When the user logs into a new Google social connection: - - + + - - - - - - - - - - - - - - + + + + + + + + + + + + + +
ParameterDescriptionParameterDescription
connectionThe name of a social identity provider. In this case, google-oauth2.
connection_scopeRequests additional scopes to be authorized for the connection. In this case, it includes the Google Calendar API scopes.

Note: At runtime, the list of connection scopes is merged with the scopes you statically configured for the connection. Whenever the user is redirected to authorize this connection, Auth0 will always request the scopes you selected. To learn more, read Configure Token Vault.

scopeRequests Auth0 scopes to be authorized for the application. Include offline_access to get an Auth0 refresh token from the Auth0 Authorization Server.
connectionThe name of a social identity provider. In this case, google-oauth2.
connection_scopeRequests additional scopes to be authorized for the connection. In this case, it includes the Google Calendar API scopes.

Note: At runtime, the list of connection scopes is merged with the scopes you statically configured for the connection. Whenever the user is redirected to authorize this connection, Auth0 will always request the scopes you selected. To learn more, read Configure Token Vault.

scopeRequests Auth0 scopes to be authorized for the application. Include offline_access to get an Auth0 refresh token from the Auth0 Authorization Server.
2. The Auth0 Authorization Server redirects the user to the consent prompt for the Google connection. The user authenticates using one of the configured login options and authorizes the Google connection, giving the application permission to access the Google Calendar API. @@ -66,7 +66,7 @@ When the user logs into a new Google social connection: ## Call third-party API -To schedule the meeting, the application needs to call the Google Calendar API. The application can use a valid Auth0 refresh token to request a Google access token with the scopes granted in the login flow without the user having to re-authorize the connection. To learn more, read [Manage federated refresh tokens](#manage-federated-refresh-tokens). +To schedule the meeting, the application needs to call the Google Calendar API. The application can use a valid Auth0 refresh token to request a Google access token with the scopes granted in the login flow without the user having to re-authorize the connection. To learn more, read [Manage Token Vault refresh tokens](#manage-token-vault-refresh-tokens). To call the Google Calendar API: @@ -74,13 +74,13 @@ To call the Google Calendar API: -```javascript lines -// Install the Auth0 Next.js SDK -npm i @auth0/nextjs-auth0 + ```javascript lines + // Install the Auth0 Next.js SDK + npm i @auth0/nextjs-auth0 -// Get access token for Google social connection -const { token } = await auth0.getAccessTokenForConnection({ connection: 'google-oauth2' }); -``` + // Get access token for Google social connection + const { token } = await auth0.getAccessTokenForConnection({ connection: 'google-oauth2' }); + ``` @@ -89,20 +89,20 @@ const { token } = await auth0.getAccessTokenForConnection({ connection: 'google- -```json lines -POST https://YOUR_AUTH0_TENANT.auth0.com/oauth/token -Request: -{ -  "grant_type": "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token", -  "client_id": "AUTH0_CLIENT_ID", -  "client_secret": "AUTH0_CLIENT_SECRET", -  "subject_token_type": "urn:ietf:params:oauth:token-type:refresh_token", -  "subject_token": "AUTH0_REFRESH_TOKEN", -  "requested_token_type": "http://auth0.com/oauth/token-type/federated-connection-access-token" -  "connection": "google-oauth2", -  "login_hint": "idp_user_id" -} -``` + ```json lines + POST https://YOUR_AUTH0_TENANT.auth0.com/oauth/token + Request: + { + "grant_type": "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token", + "client_id": "AUTH0_CLIENT_ID", + "client_secret": "AUTH0_CLIENT_SECRET", + "subject_token_type": "urn:ietf:params:oauth:token-type:refresh_token", + "subject_token": "AUTH0_REFRESH_TOKEN", + "requested_token_type": "http://auth0.com/oauth/token-type/federated-connection-access-token" + "connection": "google-oauth2", + "login_hint": "idp_user_id" + } + ``` @@ -113,44 +113,44 @@ Request: - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterDescriptionParameterDescription
grant_typeThe grant type. For Token Vault, set to urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token
client_idClient application ID
client_secretClient secret. Note: You can use any client authentication method to get a federated access token.
subject_token_typeType of subject token. For Token Vault, set to refresh token: urn:ietf:params:oauth:token-type:refresh_token
subject_tokenThe Auth0 refresh token that the Auth0 Authorization Server validates to identify the user.
requested_token_typeThe requested token type. For Token Vault, set to federated access token or http://auth0.com/oauth/token-type/federated-connection-access-token
connectionThe connection name, in this case, google-oauth2.
login_hint(Optional) The user ID for the identity provider. Only use login_hint if the user has several accounts from the same connection. For instance, a user may connect their work and personal Google account.
grant_typeThe grant type. For Token Vault, set to urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token
client_idClient application ID
client_secretClient secret. Note: You can use any client authentication method to get a third-party access token.
subject_token_typeType of subject token. For Token Vault, set to refresh token: urn:ietf:params:oauth:token-type:refresh_token
subject_tokenThe Auth0 refresh token that the Auth0 Authorization Server validates to identify the user.
requested_token_typeThe requested token type. For Token Vault, set to federated access token or http://auth0.com/oauth/token-type/federated-connection-access-token
connectionThe connection name, in this case, google-oauth2.
login_hint(Optional) The user ID for the identity provider. Only use login_hint if the user has several accounts from the same connection. For instance, a user may connect their work and personal Google account.
The Auth0 Authorization Server validates and loads the user profile associated with the Auth0 refresh token: @@ -159,7 +159,7 @@ The Auth0 Authorization Server validates and loads the user profile associated w 2. If the authorization request contains `login_hint`, Auth0 looks for an identity matching both the connection name and the `login_hint`. 3. If Auth0 can’t find the user, it returns a `401` status code with an error message. -Once the Auth0 Authorization Server validates the user, it locates the federated access token within the Token Vault. If it is still valid, Auth0 returns the federated access token with its scopes and expiry time: +Once the Auth0 Authorization Server validates the user, it locates the third-party access token within the Token Vault. If it is still valid, Auth0 returns the third-party access token with its scopes and expiry time: ```json lines { @@ -176,16 +176,16 @@ Once the Auth0 Authorization Server validates the user, it locates the federated -If the federated access token has expired, Auth0 uses the federated refresh token stored in the Token Vault to get a new federated access token with the same scopes. Auth0 then stores it in the corresponding tokenset and returns it to the application. To learn more about how Auth0 manages federated refresh tokens, read [Manage federated refresh tokens](#manage-federated-refresh-tokens). +If the third-party access token has expired, Auth0 uses the refresh token stored in the Token Vault to get a new third-party access token with the same scopes. Auth0 then stores it in the corresponding tokenset and returns it to the application. To learn more about how Auth0 manages refresh tokens, read [Manage Token Vault refresh tokens](#manage-token-vault-refresh-tokens). -Using the federated access token, the application calls the Google Calendar API on the user’s behalf. +Using the Token Vault access token, the application calls the Google Calendar API on the user’s behalf. -## Manage federated refresh tokens +## Manage Token Vault refresh tokens -Auth0 securely stores the federated refresh and access tokens of external providers in a tokenset within the Token Vault, with one tokenset per authorized connection. Auth0 manages federated refresh tokens on the server, so your application only has to handle storing and exchanging Auth0 refresh tokens for federated access tokens. +Auth0 securely stores refresh and access tokens for external providers in a tokenset within the Token Vault, with one tokenset per authorized connection. Auth0 manages refresh tokens on the server, so your application only has to handle storing and exchanging Auth0 refresh tokens for third-party access tokens. To learn more about how Auth0 manages Auth0 refresh tokens for different types of applications, read [Refresh tokens](/docs/secure/tokens/refresh-tokens). -### Federated refresh token expiration policy +### Token Vault refresh token expiration policy -Auth0 deletes federated refresh tokens from tokensets when they expire based on the expiration date set by the external provider or if they have not been exchanged for a federated access token for 1+ years. \ No newline at end of file +Auth0 deletes refresh tokens from tokensets when they expire based on the expiration date set by the external provider or if they have not been exchanged for a third-party access token for 1+ years. \ No newline at end of file diff --git a/main/docs/secure/tokens/token-vault/configure-token-vault.mdx b/main/docs/secure/tokens/token-vault/configure-token-vault.mdx index fa3d1fcc5..9cd9947fe 100644 --- a/main/docs/secure/tokens/token-vault/configure-token-vault.mdx +++ b/main/docs/secure/tokens/token-vault/configure-token-vault.mdx @@ -28,9 +28,9 @@ Once a user authenticates with a supported external provider and authorizes the To configure Token Vault, you need to: -1. Configure your application with the Token Exchange (Federated Connection) grant type. +1. Configure your application with the Token Vault grant type. 2. Enable Token Vault for a federated connection. -3. Manage tokensets within the Token Vault for your federated connection. +3. Manage tokensets within the Token Vault for your third-party connection. @@ -42,9 +42,9 @@ If you need to trigger MFA challenges for interactive flows, enable **Customize ## Configure application -Configure your application with the Token Exchange (Federated Connection) grant type using the Auth0 Dashboard or Management API. +Configure your application with the Token Vault grant type using the Auth0 Dashboard or Management API. -Only certain types of clients can use the Token Exchange (Federated Connection) grant type: +Only certain types of clients can use the Token Vault grant type: 1. The client must be a first-party client, i.e. the `is_first_party` property is `true`. 2. The client must be a confidential client with a valid authentication mechanism, i.e. the `token_endpoint_auth_method` property must not be set to `none`. @@ -54,7 +54,7 @@ Only certain types of clients can use the Token Exchange (Federated Connection) 1. Navigate to **Applications > Applications**. 2. Select the application you want to configure. -3. Under **Advanced Settings > Grant Types**, select the **Token Exchange (Federated Connection)** grant type. +3. Under **Advanced Settings > Grant Types**, select the **Token Vault** grant type. 4. Select **Save Changes**. ![](/images/cdy7uua7fh8z/4pDrKjLpUISfhhGAfc0EaU/28517676a42ec418c75a7034a0cad343/configure_federated_connection_token_exchange.png) @@ -83,9 +83,9 @@ curl --location --request PATCH 'https://{tenantDomain}/api/v2/clients/{clientId -## Configure federated connection +## Configure Third-Party Connection -Use the Auth0 Dashboard or Management API to configure a federated connection to retrieve and store access tokens for third-party APIs in the Token Vault. +Use the Auth0 Dashboard or Management API to configure a third-party connection to retrieve and store access tokens for third-party APIs in the Token Vault. Once you enable Token Vault for your connection, access and refresh tokens will no longer be stored in the user’s `identities` array. Instead, they will be stored in a secure tokenset within the Token Vault. To learn more, read [Manage tokensets](#manage-tokensets).