Build Secure AI Agents with Auth0 and Workers
Presented by: Confidence Okoghenun, Juan Cruz Martinez
Originally aired on August 25 @ 5:00 AM - 6:00 AM EDT
Join our live stream to learn how to build and securely deploy AI agents with Auth0 and Cloudflare Workers.
Hosted by Cloudflare Senior Developer Advocate, Confidence Okoghenun and featuring Juan Cruz Martinez, Staff Developer Advocate at Auth0.
English
Developers
Transcript (Beta)
All right, I think we're live right now and I guess it's a good time for us to start Juan.
What do you think? Hey everybody. Yeah, I think it's a pretty good time to get started.
Yes, welcome everybody. Today we're going to be having a live stream about building secure AI agents with Cloudflare Workers and Auth0 and this is going to be like a hands-on live stream because we won't just be showing you stuff that's all magic, we'll be showing you how it's all built and all of the tools and technologies that comes together to make it work.
So I think this is going to be pretty fun and I am excited for it.
I hope you all are as excited as I am.
I'm really excited as well. Yeah, we have an awesome demo to show. Yes, we do.
So this is what we'll be looking at in today's live stream. This is like a rough agenda of all of the stuff we'll be showing today.
We'll have brief introductions which is what we're running through right now and after the introductions we'll move on to the demo where we show you exactly what we'll be building when it comes to the agent, how it's secure, how we're able to give you access to tools and make that secure as well.
We'll talk about the Cloudflare SDK that makes it really easy for you to build AI agents.
Then we'll move over to how it is we're making it secure with Auth0.
I think this is going to be really cool showing you how to secure connections to your agent and even tools that your agent has access to even if that's over MCP or whatever protocol you choose to use for your agents.
Then we'll leave links to the source code of the application so you can go take it for a spin if you want to get this deployed to your Cloudflare account.
It's something you can do really easily and then we'll have time at the end of this live stream for Q&A.
If you have any questions we can have a chat about it and we can get that discussed.
Just a few reminders, this live stream is being recorded and it's going to be available on YouTube after.
I believe this is also being streamed to Twitter and there's also going to be recording there as well.
So don't worry if you miss anything, there's going to be like a high quality recording after so you can take a look at it and like make references to parts of this live stream for projects you may be working on in the future.
And like we said earlier, we'll share links to everything that we'll be doing to help you get started with a demo and also if you want to get that deployed we share GitHub links, the blog article explaining how it's all put together and links to where you can get started with the agents framework and also Auth0 for you to get everything secure and nice.
All right, so I believe we can go into the intro.
So I'm just going to quickly intro myself and then I'll talk a little bit about Cloudflare.
My name is Confidence, I am a developer advocate at Cloudflare and a little bit about Cloudflare.
Cloudflare is like a really awesome place to build applications, modern serverless applications.
Some of you might have interacted with Cloudflare from the networking and security side, maybe you're using Cloudflare for your DNS and to prevent DDoS attacks, but Cloudflare does like a lot more than that.
You can build full stack apps on Cloudflare and we have all of these great offerings that you can see on screen that makes it possible for you to build full stack modern apps and even AI powered apps as we'll be seeing in this workshop.
So when it comes to like building full stack apps, we have compute, workers and pages.
We have all of that stuff that makes it really easy for you to build apps that can run on the edge.
We have storage solutions if you need an object storage, if you need an SQL compatible data storage, if you need a cache, we also have offerings for that, as you can see in the storage section.
And if you're into media and you have a lot of media you want to offload somewhere so that you can put that on your website, maybe you're building something like an e -commerce site with lots of images and videos, we have offerings for all of that.
And today we'll be looking at the AI more specifically.
So if you're building AI, if you're building agents, if you need a vector database, if you need to set up a rack pipeline, like all of that stuff can be done inside of Cloudflare.
And we provide all of the tools to make the experience end to end really seamless.
So we'll be looking at some of these today and yeah, I'm really excited to show you some of the stuff you can build on Cloudflare.
Juan, do you want to intro us into Auth0? Yeah, that's awesome. Thank you.
Yeah, definitely there's a lot of things that you can do there with Cloudflare.
I'm really excited that I learned some of the things while working for this live stream.
So that's pretty amazing. So for everybody, hi, my name is Juan.
I'm a developer advocate here at Auth0. At Auth0 we build robust authentication and authorization for any application that you need to build, whether that's a web application, a terminal application, an agent running in the background.
If it needs identity, if it needs to know who the user is and what kind of permission the user has, then Auth0 has you covered no matter your stack.
Today I'm very excited because we're going to be working together to build an AI agent, which is something that is now every day in our lives, right?
And we all hear about AI agents and we all want to build them, but we want to build them securely.
And today we're going to use Cloudflare and Auth0 together in combination with our newer SDKs.
And we're going to showcase exactly how you do that. How do you protect and authorize access to your AI agents, but also how can you add an identity layer to your AI agent so that your AI agent knows who the user is, what permissions they have, and it can act on behalf of the user.
So yeah, really excited to get us started.
Yes, thank you. And I think specifically for me, why this is really interesting is yesterday I was in London, we had an MCP demo night in London at our Cloudflare office and I had a presentation there and the question someone asked me is when it comes to MCPs, how do we secure them?
Like we're building all of these awesome AI experiences on top of agents, but how do you ensure it's secure?
And do you know what I told him? I was just like, we are going to answer that question today.
We have a live stream today that we'll be looking at some of that.
So I'm sure he's tuned in and he's going to have his question answered. And this is something that I think is going to be broadly interesting to people building agents because it's really easy to build agents, right?
But figuring out how to make it secure is a bit tricky.
So we'll be looking at some of that today and Auth0 is like an awesome, awesome solution.
It makes it really easy to build secure agents.
So let's get into the demo. I'll stop sharing my presentation. And now it's where things get interesting, right?
Like when we start showing the real things and not so much like PowerPoints.
Yes. Yes. So no more PowerPoints going forward.
Exactly what we'll be building. So let me stop sharing. Okay. And I am going to share my screen.
Okay.
So I believe you can see my screen, right? Yeah, I can see your screen. Okay. So I'm just going to go to the website where I have the running.
If you try to access this link, it's protected.
So only those with access to the link can actually access the agent.
But we'll be leaving a link to the GitHub repository so you can go get this deployed on your account and take it for a spin.
But I have the agent opened.
And what I'm just going to do is log out because before this live stream, I logged in.
So I'll log out and just show you the entire flow. So let's log out. Give that a good reload.
And here we're back in. I'll click on the button to log in.
So I'm going to log into my account. And here I have a screen that I can put in my email and password or log in using Google with Google Auth.
By the way, all of this is powered using Auth0 as you can see, like the logo is right here.
So that makes it really easy to integrate like an authentication flow on top of your agent.
We'll look at how this is done in code very soon.
My account is going to be with Google.
So I'll click on Continue with Google. And here I'll select the Google account I need to log in with.
I don't have the app verified. So you have that banner.
And because this app is also going to have access to my Google Calendar, I need to give it access to read my Google Calendar.
I already have those accesses granted.
So I already have this checked in previous login sessions. So that should be fine.
And I can click on Continue. All right, and I'll go back here in the app. So let's go to chat and have a conversation with the agent.
So let's see. Okay, so I'm saying let's play a game of two truths and one lie.
And the agent's response is sure.
I'll start with two truths and one lie. And you can guess which one is the lie.
Here are my statements. I can help you schedule tasks and events.
I can read your mind. I can provide weather information for any city. Which one do you think is the lie?
So I think this is definitely not true. I don't think the agent can read my mind one.
Or do you think he can? I think maybe he's playing a little bit around with you.
Okay, let's see. Let's give this a try and see if the agent can read my...
I think this is not correct anyway, but let's see. I'm just thinking about how awesome this UI looks like, right?
So maybe it goes somewhere around that.
Oh yeah, this is a cool UI written in TypeScript. We'll look at some of it in the code.
But it looks like it's correct. Yes, I can't read your mind.
I'm not that magical. You are magical, but not that magical. And we can have a conversation back and forth.
So this is a chat interface for the application.
But this is not just a chatbot. I think that's what is very important to stress out here.
It's not just a chatbot. It has tools and can do stuff.
So I can say, what tools do you have? Okay, so we have a couple of tools here.
We can ask it to schedule tasks, to get the weather, to check the local time.
It also has access to stock trading, which we'll see later.
It has access to my Google Calendar and can do some task management.
So let me say, remind me to walk the dog in one minute. So what we've just done is we're using the schedule task tool to tell it to remind us to walk the dog in one minute.
And in 60 seconds, we should get a reminder. But what's really interesting here is showing you some of the other tools.
We have a tool for weather, to get the weather.
So I can say something like, what's the weather in Birmingham?
By the way, I'm in Birmingham. And okay, we get this UI on the app to approve or reject this tool called because this is a tool called that requires human interaction.
So we can approve that tool call. And it's saying, hey, it's sunny in Birmingham, which is awesome.
So in one minute, we should get our reminder.
We should get this reminder pop back up. Yep. And you can see we have that schedule task that has been executed.
And the agent comes back to let us know that, hey, it's time for you to walk the dog.
So that's awesome.
I think this is going to be a good point to showcase the Google calendar integration.
Not so one. Yeah, I think that would be a good idea to transition a little bit into that.
And then we can jump right into the neat and gritty of the code.
But we can show the calendar integration. So one of the things that you may realize from what Confidence has just shown in this with this chat application is that when you log in with Auth0, it already provided the chatbot in some context, right?
So we see in the top right corner of the screen, there's his profile photo that came from his login with Google.
We can see like his name. And we can see some other details about the user.
And that's something that Auth0 already provided to the user.
But when he was logging in, he also did an additional step.
And he granted the chatbot access to his Google calendar. And so now we can interact with the chatbot or with the AI agent.
And the AI agent can perform operations in his Google calendar on his behalf.
And this functionality from Auth0 is not just limited to your Google calendar.
It actually works with any of the social providers.
And we have like 100 different social integrations that you can use.
For example, you can grant access to your agent, to your Spotify account so that it can create playlists on your behalf.
Or it can access to your email so that it can provide you email summaries.
It can access like your Outlook account or any other account that you need to access to, or that your agent needs to access to on behalf of your user, that Auth0 has you covered.
And now we are going to see an example exactly of that where he's going to interact with a tool that we have to check the availability on your calendar.
And yeah, maybe we can, perhaps we can give that a spin.
Okay, let's give this a spin. I would really love to try out the Gmail integration because I received a ton of emails.
And if I can just get the agents to summarize my emails and surface stuff, that's the only important stuff, I think that would be really awesome.
So maybe that's an idea for another demo. Yeah.
I mean, the workflow we are discussing today and what we are going to show in the code today is exactly the same that you need to access your emails.
It's just a different set of permissions.
And then when you call the Google API, that's going to be a little bit different.
But the concept and how you share your access, your personal access to the agent, that's going to be exactly the same.
So yeah, let's give it a spin.
I'd love to. I'd love to look into that. So let's see what's on my calendar.
So right now we only give it access to availability. So if you're free, if you're busy, so maybe we can ask if you are available tomorrow at 3pm.
Okay, so let's see.
Oh, it's thinking I want to schedule something.
So I think it... Oh, because you didn't ask a question.
You actually did a statement. Okay, so that's the question.
Okay, there we go. So, okay, so now we need to actually confirm that we want to give access to the session to the...
Yes. ...on the calendar. Yeah, that's what it's called an interrupt.
An interrupt is when the agent is trying to perform an action on behalf of the user.
So let's see if we can do that. But it doesn't have enough privileges or there was an error or anything happening.
I'm not sure you can see the pop-up.
Can you see the pop-up window? I have a pop-up window.
No, we cannot see the pop-up. Oh, okay. I think I'll probably need to reshare so you can see that.
Okay. So meanwhile, I'm going to explain how these interrupts work.
So interrupts are situations in the workflow of the agent where the agent needs to stop to get a human intervention.
So for example, granting access to a calendar, confirming an operation like we saw in the case of scheduling a task, and any activities like that that requires a human in the loop, a human intervening and providing details, that's called an interruption.
And the UI basically captures those interactions and we have SDKs that you can use to do that automatically and then show a nice pop-up like we have there on the screen where we say basically you need to grant access to the calendar.
Okay. Yeah, this is the pop -up.
I think you can see this. Yeah. So now I'm going to give you access to view my calendar.
Yeah, you can give it access to view the events on your calendar and then...
Yeah, that should be enough. So this is all just in Google side and then the application, the redirects back to Auth0, which confirms the new access, and then you get redirected back to the agent.
And now the agent should have all the access that it needs in order to make that call to the Google Calendar integration.
Yeah, I'll need to go back to share my screen because the pop-up closed and to complete the flow.
These are the things that happen when we go live. Oh yeah, yeah, yeah.
It's really hard sharing screens. But Cloudflare and Auth0 are outstanding.
These are Chrome issues. Oh yeah, yeah, yeah. So this is... It's been able to make the tool call to check my calendar, as you can see.
It was able to make the tool call to check my calendar for tomorrow at three.
And yeah, I'm actually not available tomorrow at three because I have stuff planned tomorrow at three.
And I think the way we did the setup for this is really interesting because it only has permissions to what we give it access to.
So it can only check for my availability on my calendar, but can't see the details of stuff I have on my calendar.
That's the way we have it set up. That was probably smart for the live stream.
We don't want to know exactly what is it that you're doing tomorrow at 3 p.m. Well, I have something interesting planned for tomorrow at 3 p.m.
Oh, maybe we should have spoiled it.
All right. So yeah, that works. It's able to make a call to my calendar.
And you saw the whole authentication flow where I had to grant it access to my calendar, give it permissions to view events on my calendar, and then it's able to read information from my calendar.
And we're only scoping the information it can read to just my availability.
So that means you can really control in a fine-grained way what tools your agent has access to.
And imagine this was a public tool that has access to a database, and you don't want to give everybody access to literally admin access to everything in the database.
So you can specify what permissions you want the agent to have read access or write access or write access to only certain tables.
That's stuff that you can set up using the agent SDK and Auth0.
So let's switch gears.
And I think it's a good idea to show you how all of this works, like what the code looks like, how we put all of this together.
So let me share my terminal.
And I'll broadly walk you through what the implementation of the agent side looks like from a Cloudflare perspective, like what you need to set up the agent.
And one is ready to show us what the authentication bits look like when it comes to implementing the auth aspect on top of the agent.
So let me share my screen.
Okay.
Can you see this?
I can see your terminal.
Yes. Okay, good. This is where my ID is. Okay. So this is the project.
And I can just quickly go into the source. By the way, we're also going to leave a link to this, like I mentioned earlier, the project, I'm going to leave a link to the project in the chat and the description of this video.
So if you want to go fork this, get it cloned and get it deployed to your account, it's something you can do.
So this is the project, essentially. And this is what the source of it looks like.
I'm just going to start by looking into the server.ts file, because this is like where everything is happening.
And then we'll move over to looking at the agents, and then also the tools the agent has access to.
So the server for this app is written in Hono, which is awesome, makes it really easy to build cool API microservices on top of Cloudflare Workers.
And it has a bunch of routes, like we have a route to check for the user to see if the user is authenticated or not.
We have your routes to check to see if we have our open AI key set, because for this agent specifically, we are running the inference on open AI.
So we want to check to see if we have the keys set up in our environment.
We can also, we have that route for close, we have routes for the chats to list the chats we have, to get the chats by ID, to create a new chat, and all the other ones here.
Something you notice is that for each of these routes, one, you can also see this as well, we have, we're grabbing the user's session, and we're checking to see if whoever is trying to access this route is authenticated.
If they are, we let them through.
If they are not authenticated, we send a message to the front end saying that this user is not authenticated, and then they can go to login to get authenticated.
Yeah, and that's part of the Auth0 SDK for Hono, which is what we are using here, which makes it really easy, because you just add a middleware, then you add the require auth on each one of the routes, and then that's it.
Yeah, this, like we have right here, requires auth, yes.
So that's like a protected endpoint. And when it comes to the agents, like we have a route for the agent, which is also protected, and this is where we go to create the agent.
So we return an instance of this agent back to the client.
Again, the client is written in TypeScript. So if we go back up in the source, like this is the client, it's all written in TypeScript and communicates over WebSocket when it comes to sending messages across from the client to the server.
And this, the agent framework also acts as a server for the front end.
So it's not running the agents, which has access to the model we're using for inferencing and also has authentication provided with Auth0.
It's also acting as a server for the static assets that you saw in the UI.
So it's like one really big agent that does all of the other stuff you expect from an agent, and it's also hosting the assets to get the front end done.
So I'm going to close this and let's take a look at the agents.
So this is going to be chat.ts. All right, and this is what an agent looks like.
So we were creating an agent here in the online 44, the class that extends the super agent.
And what I'm seeing here is really interesting.
I think you can also see this one. We're creating an agent, but we are adding extensions on top of that agent.
Do you want to speak briefly on what these extensions do that we're adding to the agent here?
Yeah, exactly. So these extensions are coming from the Auth0 SDK, specifically built for Cloudflare AI.
And what basically does is takes the base class AI chat agent from Cloudflare, and then you can add functionality on top of that.
And so we are using a special library called Flumix.
This is now an optional thing. Normally what we provide are like wrappers on top of AI chat agent, and then Flumix gives us this nice syntax where you can select with AuthAgent, which AuthAgent is basically a wrapper that allows you to inject the JWT token, so who the user is and what kind of roles or accesses it has into the agent.
And then we have this also own agent that allows you to have like an owner for a chat session.
And then we have another one, which is called a single user confirmation resumer.
And we're going to take a look into that a little bit later.
That's an optional step that you need to run a specific tool that we have in Showcase.
Keep that in mind, because we're going to come back to it.
Okay, awesome. So we'll come back to that. But this is what an agent really is.
It's a class that connects to a model. And inside of that class, like you can literally do whatever it is you want.
So this agent has a couple of methods.
It has an on chat message method that describes what happens when a chat is received from the client.
So user types in a message and hits the send key, what happens when that chat message is received.
We also have another method for executing a task for generating a title for each chat session.
And we also have one to grab details from the store.
So let's look at what's inside of the on chat message.
So when a message is received from the front end through web sockets, this method gets executed.
And we're doing a couple of things here. Because this is not just a chat bot, it's an agent, it has access to tools.
So what we're doing here is that we're trying to figure out all the tools we have, we're going to see some of those tools, some just functions that it can call some functions that require human interaction, you have to approve or for that function to run.
And like the one you saw with the Google Calendar, it's an authenticated tool.
So we have to grant permission to my calendar.
And that has to take us through the login flow to to get that set up.
So we have all the tools here. And we go to create a new agent instance, or we go to create a new instance to run the inference on on GPT for so this is why we need to verify that the open AI key is set in the environment, because we're going to be using GPT for for inference.
And here's where we create, we create the stream text function using the AI SDK, we give you access to the tools.
It has access to the tools, we tell it what model to run, we have a system prompt.
And what happens when it finishes? What happens when there's an error? And that's literally it.
So like this function describes what an agent is, what happens inside of this function is really up to you.
Like we were talking about in the presentation I had yesterday, I kind of think of an agent as an operating system.
And then you choose what apps you want downloaded from your app store.
So you can pick and choose whatever apps you want.
You can swap this out for Elama for for example, or use 11 laps for instance, if you wanted this to be like a voice agent instead of a text chat agent, all of that is really up to you.
So you can pick and choose what to use.
And that makes it really easy to integrate with audio when it comes to like, securing all of the bits because the agents framework is really open, and it's a bit low level.
So you can choose what paths you want to use and how those paths interact with each other when it comes to how the implementation is done.
Now, I'll quickly like to show you some of the tools we have, we have two sets of tools, I am going to open that up tools.
Alright, so we have a couple of tools that you saw in the demo earlier, we have the get weather tool.
And this requires confirmation, it requires a human approval.
So this is an example of how to set up a tool that requires the user to come in.
And that means the execution of the agent pauses until that tool is either approved, like the request to run that tool is either approved or rejected.
We have a couple of other ones. So we have the local time, you saw the one to schedule a task where the agent can schedule a task for a future time, and then run that task when the time has arrived.
And yeah, this is a helper to get scheduled tasks. So the agent knows what has been scheduled, you can cancel your scheduled task.
And that's for the regular tools.
Now, what I think is more interesting is the calendar tool. So let's, let's open that calendar.
Yeah, I think this is it.
So this is the calendar tool. And it's protected using Auth0.
That's why we needed to grant permission, like I needed to log in to give it access to my calendar specifically.
So this function is wrapped on that with Google Calendar Helper.
And that helps us ensure that for this session, the user is authenticated, and we have the correct tokens to access the user's calendar.
That's correct. So basically, what that wrapper is doing, right, so you need to specify what are the permissions that you require to access the function.
So you can navigate into the code for that with Google Calendar, and you'll see that it requires a calendar access.
And the other thing that it's doing is if it detects that the user currently do not have that particular access, which I think in this case is called a free VC, and it will trigger the interrupt, which is what we captured in the UI to show that pop up message that says, okay, you don't have access to the Google Calendar, please grant me access to that.
And so that's it with Calendar. Exactly. You just use an Auth0 SDK to say, okay, you require a token for a connection.
You specify how you obtain the refresh token, which is always going to be the same for the case of Helper.
And then you define like your connection.
So for example, it can be like Google or your Spotify, whatever connection is that you have.
And then what are the scopes? And the scopes are basically the permissions that you need in order to perform that or to call that tool.
Yeah, I mean, it's a pretty straightforward configuration. This is just like configuring a JSON file to get access to my Google Calendar.
And this is how you specify it.
It's really clean, really straightforward. And once we have, once we're able to confirm that, hey, we have access to the user's calendar, this is called in the Free Busy API.
And that's because we only need to check if the user is available or not available.
We don't want to see what's in the user's calendar, because we don't need to have access to that much information.
If you're building a totally different use case, where you need to read the content of the calendar, you have to call a different API.
But the beauty of this is that we have given, we have granted access to our Google Calendar, we can specifically choose how much information our agent has access to.
In this case, we're just telling it, hey, the only thing you can know about the user's calendar is if the user is available or not.
You don't have to like, when you give access to a tool like a Google Calendar, you don't have to automatically grant like all permissions to read, edit, delete all permissions to the agent.
So you can like specifically choose what tools the agent has.
And that's really going to help with security because it should follow the rule of least privilege, like only give the tool access to what it needs and nothing more.
So in this case, we are just in Free Busy, it makes a call, it figures out if we're free or not.
And then it returns a response back to the agent.
And that gets shown to us on the UI. And the agent is able to respond if for a given date, if we are available or not.
So yeah, this is the, yeah, this is, I think it's really, the implementation is really straightforward.
And I like the way it's being done in a clean way using Auth0 to wrap the all.
Yeah, exactly.
And like you were mentioning before, right? So this can extend to other contexts.
Like for example, if you need access to your email, what Auth0 is providing you is like five lines above where you currently are.
It's like, it's giving you that access token, right?
Using the get access token for connection function.
And then that gives you not an access token to connect to your Auth0 API or like to your own first party API, but that is an access token that you can use against the Google APIs, against the Spotify APIs, against the Salesforce APIs, right?
And so the code that you write below that, that's up to you on what you want to do, right?
So if you need to access the emails to like then provide a summary, you can do that as well.
And the process of the flow is going to be exactly the same as we saw for the calendar integration.
But then what's going to be different is the actual execution of that tool, right?
So once you have that access token, you're free to contact those APIs and retrieve any information or make changes into any of these underlying services.
And it all happens on behalf of the user.
And in this case, this is a pretty straightforward example because we were directly in the UI, but the agents could be also like running in the background, right?
Like we saw the case of the scheduling a tool in an hour, right? You can schedule something in an hour to, for example, go and fetch your emails and give you a summary.
If there are new emails or things like that, where the user doesn't necessarily need to be in front of the computer, you can just receive like a push notification and then it will receive all that information without him acting directly.
So once you grant the access, then the agent can perform all the tools that it needs and yeah, help you perform many of the tasks.
Yeah. And I think this is a good point to look into specifically how the authentication flow is set up, both from like logging in into the chat interface and then granting access specifically to the tools like the check my calendar tool.
Let's take a look at how that was set up.
So I'll stop sharing my screen. Yeah. You want to walk us through it?
Yeah. I'm going to share my screen now. We have been a through this, but yeah, hopefully you can see my screen now.
Yes, I can. All right. So I have, again, this is my IDE.
It's also terminal based and everything starts in the server, right?
Like we were explaining before, we build without zero specific frameworks for the AI agent, part with Cloudflare, but we also have a web application that is running here.
Cloudflare does not only provide like the AI framework, but also is hosting our web application and we are using the HANA framework.
And the first thing that we need to do in order to add authentication and authorization to our application is to add this middleware.
This is coming from the L0 configuration from the L0 SDK.
And it's basically just defining the scopes that we need to authorize this application.
Now, because we are using this particular SDK and we are not passing any configuration details about our L0 account, that's because everything is happening through environment variables.
And we have an example of how that looks like, which is in this example file.
You will find all if you follow our blog post that we are going to share here on the description and also on the chat, you will see details on how to get every single one of these values from the L0 domain session client and audience.
But basically this sets up the authentication.
It will create like the endpoints that you need to log in, log out.
And then on any endpoint that you need to protect, you basically can use the required authentication.
And then this endpoint will not be called unless the user is already logged in.
If you want to verify that as well, or if you need to get access to information about the user or the session, you can also get that information from the context.
So that's basically authentication. It's pretty easy and pretty straightforward.
This is typical web application authentication, how you perhaps you already know and love L0 for.
But then we have also the agent piece and the agent piece is in this file called L0.ai.
And this is where we define functionality that belongs specifically to the AI agent.
And so we have some helper methods like how do you get your agent, right?
This is again interacting with the Cloudflare SDKs.
But then we define the L0 .ai main instance. And this is the instance that we are going to use in all the tool calls.
And we define the store. The store is simply because we need to save information about the session of the user.
For the agent, we need to provide a way to define that. So we basically use this get agent and we provide this L0.ai store in here.
You can also define like your own stores in here if you want to use something like Redis, for example, to store some of the information.
If not, we provide like some default in-memory storage.
And then we define like the tools like we saw before, the wrappers for the tools.
So we have one tool, which is the with Google Calendar integration, right? We already discussed a little bit about this.
It allows you to wrap a tool to require access to a federated connection.
And a federated connection is simply an underlying service that your agent needs access to on behalf of the user, right?
So yeah, you can define those.
And then we have another example here. And this is what I explained before about this asynchronous user confirmation before.
And it is an interesting and different workflow.
And perhaps I'm going to demo that and then we go back to the code so that everybody kind of like knows exactly what is it that we are doing.
Okay. Okay. That makes sense. I was just going to ask if this is something we can demo and we can.
Yeah. Yeah, of course. So I'm here again into my iChat.
I'm running it in localhost so that you can see that not only you can run it on Cloudflare, but the same example can work in your local environment.
And I'm going to make a transaction through the agent, right? So I feel lucky.
And so I'm going to make some stock transactions. So I'm going to tell the agent to buy me perhaps, I don't know, 10 stocks of Cloudflare.
Yeah. So I'm pretty sure they're going to do great with all this agent stuff they're working on.
That's a good bet you're making there.
Yeah. And so right now the agent, it kind of like, it looks like it kind of like freeze here, right?
It's like it started the execution, but it's not continuing with the message.
And this is because I just got a notification on my phone.
I don't know if you can see here my phone screen, but I got a notification.
And if I open that notification now, I have an application here called Auth0Guardian.
And this can be your own application. It doesn't have to be the Auth0Guardian.
And it's basically kind of like when we want to do a transaction in the bank that it asks you for confirmation.
And it's telling me that the GNI application sample that we have here is trying to perform an operation.
And it asked me to deny or to approve. And I'm going to deny because I don't want 10.
I actually want 20. I think they are going to do great. So when I deny the transaction, now the agent is telling me that the request was denied, right?
And so I was able to asynchronously interact with the agent through my phone and then continue in the workflow execution, right?
And now, so if I try now to buy 10, and I'm going to get us a new notification.
And this time I'm going to approve the notification.
There we go. And now it's going to go to my broker or whatever this tool is doing, right?
This is just a simulation. But yeah, now it just told me that I successfully purchased 20 shares of Cloudflare, right?
And all I had to do was confirm that through my phone, through my device.
And that is a perfect example of how Auth0 can help your AI agents keep humans in the loop, which is a term in the AI industry that people use to make sure that people always have the last saying, right?
We love AI agents. We love that they can do a lot of things for us, but we want to be the ones having the last saying, right?
We don't want AI agents just performing random activities on our behalf, right?
I think this is a specifically good example of human in the loop because we are adding authentication in front of it.
So Auth0 Guardian has some authentication. I know before this, you had to sign in and approve your agent.
And that's why you got a notification afterwards when your agent needed to perform an action for you.
So it's human in the loop, but with security on top of it to ensure that this is my agent, I'm giving it the right access and permissions.
And when it needs to do stuff, I should be aware of it's coming to ask me and not someone else.
Yeah, exactly.
And it's all built on standards. So if you want to use like your own application instead of the Auth0 Guardian, like you can do that.
We also provide the case that help you build your own mobile application to receive these notifications and confirm.
You can also use email for that, right? You receive an email, you click on the link and then you take the action.
But yeah, so that's the basic idea is that at some point the AI will try to trigger a tool call.
And before they can do that, we need to confirm the execution of that tool.
Like if you buy coded, like we, I guess like we all fell into that for a little bit.
It's kind of like the same thing, right?
But you are in front of the screen. So when it asks you, can I execute this terminal command or do you approve these changes, right?
So you always need to be confirming what they used, what the agent is doing.
Well, this is the same thing, but it's asynchronous because this agent can be running in the background.
You are doing your own thing, like walking your dog, right?
And then you receive the notification, what the agent is trying to do.
And then you can make that decision, right?
And everything is happening or all the matching is happening really within this function with asynchronous user confirmation, where we use again, DL0 SDK, DL0 AI instance that we have.
And we need to provide some information, like for example, what is the user ID that is trying to access the activity?
In this case, we get it from the agent and we get the owner for that session within the agent.
Then we have the scopes. What are the scopes for this particular transaction?
In this case, it's trying to buy stocks. What is the audience? And the audience is the API that you're going to call during the tool execution, right?
In this case, we have a fake audience, but in a real world scenario, you would have here like your brokers or your own API audience, and you'll receive like an access token the same way we did for Google, but for that particular API.
And then we have this unauthorization interact, which basically just tells the system what to do when it needs to grant the permission, right?
And so in this case, it has schedules and asynchronous user confirmation.
And this is basically the flow we have where we receive the notification, but we can have different options.
Then we have an unauthorized function that we can customize to decide what do we do when the user denies the request.
You can do like different things in here, kind of like a hook, and a binding message.
And the binding message is basically what you receive in the application to confirm the operation, right?
And you can also have variables in here, like for example, how many, so every single variable the tool receives, you can also receive in the binding message.
So this can be like rich. You can say like, please confirm the operation of buying 20 stocks of Cloudflare, right?
And this is all you need.
Then you wrap your regular tool calling with this with asynchronous user confirmation, which we can see on the tools by stock.
Where we simply wrap that. And then in the execute, this is just a simulation.
It just confirms the purchase. But in here, what you will actually be doing is you will be calling that broker API or your own API to perform the transaction.
But yeah, this is pretty much how Auth0 can help you build security agents together with Cloudflare.
Yeah. And this is really cool because I love the way it's all like well laid out.
There's no magic happening here.
Like you can take a look at the source code and see exactly what's happening and how it has been set up.
And if you're going to be someone who's looking at the code and you want to take this and customize this for some other application that you would like to build an agent for, like it's really easy.
Like it's well documented, like the code is documented itself, and you can see what's going on and how to set it up.
So it's really cool. Yeah, exactly. And also remember, we are going to be sharing the link in the description, and maybe we can paste it here again on the chat.
And you can also visit Auth0.com slash AI. That's a handy URL that we have for all the things AI together.
And this is going to explain you a little bit what we have taken a look into that today.
Also, you can sign up for a free account with this.
And you're going to have some demos and some examples that are a little bit different to what we've seen today with different tool calls.
So you can see the different things that you can do with the tools we provided today.
But the foundations for everything are what you learned today on how do you use Cloudflare and Auth0 together to secure and to provide identity to your AI agents.
Yes, thank you. I just shared a link to the GitHub project.
So if you want to take a look at that, it's going to be there. And the project has a really detailed readme to help you set it up locally and also get it deployed.
And to get it deployed, really, all you have to do is run npm run deployed, and that should be all you need to get it deployed to your Cloudflare account.
So it's pretty straightforward. So I think we can do some Q&A. I'm just going to look at the chat to see if we have questions that may have been asked.
So if you have questions, this is time for Q&A.
I'm looking at the chat right now, and we will be answering your questions.
I think there's one question for you. It says, what's something security-related that people most often seem to forget when building AI agents?
I think security as a whole. It's sometimes a bit of a thing. It's like people are so excited to build AI and to get it working that they completely forget about security.
They just want to see something working. Right. Even the bigger ones, right?
Like when OpenAI first released, Chattopadhyay and similar companies did similar journeys, right?
They just released it, right? And then people start prompting, and then they get curious, and then they put it to extremes, and then it starts giving all these crazy answers.
And then they were like, oh, no, we need to do something about this, right?
And so then starting covering prompting security, which is a thing, right?
So making sure that your AI does not give it responses that it shouldn't, right?
So I think that's very important.
Prompting engineering is becoming a real thing. It's very important, and there's a lot of security that comes with your prompts.
And then there's this whole phase that we have now where LLMs do a lot of the heavy lifting, right?
And they already provide a lot of information from the Internet, and they can connect with tools to do search browsing and read articles on your behalf and all these things.
But now we start seeing a lot of these models also adding information about you, right?
So JetDVD, for example, has this memory thing. Google connects with all these suites, right?
So you can ask questions about your documents and all the things.
And when you start integrating all these different services and personalization, I think it's very important that you don't lose oversight on what information you're exposing to the models.
Because maybe you leak some personal information about users because agents, in a way, are a little bit unpredictable in what they output.
So you may need to make sure that your inputs are very high quality.
Yeah, I think that makes sense. So people usually think of security after.
When it comes to agents, I think it's really important to think of security before starting the project and not figuring out vulnerabilities later on.
And then for tools, like you mentioned, you only want to give scoped access to tools.
You don't just want to give it like admin access to everything in your database, for example.
Only give it access to what it needs to get the job done, and you should be fine.
And like we saw today, Auxiliary makes that really, really easy to set up.
So that should be easy for you to set up on your own applications as well.
We have another question. Ricardo asks, are the tokens that Auxiliary returns reusable or that the SDK require a call for a token for each agent to request?
Do I just need one token or do I need to keep getting tokens for each tool call?
No, they are reusable. They are reusable. And that's why we define the storage.
In the storage, we save all the different tokens that you have from the different services.
Only if you get access, let's say the example of the calendar, right?
So I check my availability, that only requires free VC. And so I get an access token for that.
Then if I have another tool that may require additional access, right, then I will need a new access token.
But as long as the scope didn't change, then you can keep on using the same access token and the SDKs handle that automatically for you.
Because we store the tokens and keep them in memory or whatever storage solution you decide to use.
Yeah. And the tools wrap.
So the Aux service wraps around the tools and automatically provide the token.
So it's something you actually don't even have to worry about. Right. And we optimize so that you don't need to fetch tokens if you already have one, right?
Yeah. We have a question from Ness. It says, how does workers use MCP? Can it complete some browser automation?
So the way an agent works with MCP is that it can be an MCP server, or it could also be an MCP client.
I did a demo yesterday where the agent was an MCP client.
So he was connecting to some external service that's an MCP server.
And the agent is a client, and it's able to call tools on the server to actually get them executed.
So it can be either way. And we have documentation on agents.Cloudflare.com to show you how all of this can be set up.
As for browser automation, Cloudflare Workers has support for browser rendering, which means you can spin up headless browser instances to visit a website.
You can pull out the content from that website and pass that as context to your LLM, or maybe do something else with the content.
So that's something that's supported today. We have the browser rendering API.
We also have it on a REST API. So if you don't want to write the codes to control the browser, you can just call an API endpoint and pass in the URL you want to be rendered.
And that's going to get done for you automatically. So Google browser rendering on Cloudflare, and you should see nice resources on that as well.
I hope that answers your question. Okay, there's another question from this.
It says, how does inference work? How can I hook up my own OLAMA endpoint?
Awesome. So if you have OLAMA hosted, so where you saw the on-chat message method on the agent is where you would want to hook up any LLM of your choice.
In this example, we're using GPT -4, but this can be anything. It can be OLAMA, it can be a coin, whatever it is you want.
It can be a cloud. All you have to do is connect to it, like connect to it on the on-chat message.
In this case, we're using the AI SDKs library to connect to the GPT-4 instance.
If you have a different model provider and your model provider also has an SDK, or even if it's a REST API and you get responses through streamable HTTP, that's something that you can get set up inside of the on-chat message.
The execution context happens there, and you can pick and choose which models that you would like to use.
I have done a voice set up previously with OLAMA, and it worked quite well.
There was a speech-to-text model, there was a text-to -speech model, and then there was the LLM inside of the on-chat message.
You can mix and match and specify exactly what you want to happen when a message is received by the agent.
All right, then. I guess that's all the questions we have.
That's perfect. We are right on time. Also, regarding that MCP question, maybe we can also share some resources because we also have some examples on how to add authentication with Cloudflare and Auth0 to MCP, and maybe we can add also that into the chat here for anyone who's interested into that.
I think that's also a valuable resource.
We have two good resources on that. One talks about the theoretical pieces of it and gives kind of like an introduction to MCP, and the other one goes into the details of how you build an MCP server with Cloudflare and authentication with Auth0.
I think that's a good idea. We'll add that in the description with the other resources we're sharing so you can take a look at it after the live stream.
Thank you so much, everyone, for being here with us.
It's been incredible doing this live stream with you, Juan. Thank you. I had so much fun.
Working on this with you, I've learned so much about authentication, stuff I wasn't thinking about in AI applications.
I've gotten more information on how to do that securely and really easily with Auth0.
Thank you for doing this for us.
Awesome. Thank you. Thanks for having me. Like we said earlier, this is Recorded, so it's going to be on YouTube.
The live stream is going to be on YouTube.
For all of the resources mentioned today, it's going to be included in the description for this live stream, so please check back on the description so you can get access to the resources mentioned.
With that, we can call it a day.
Thank you, everyone. Thank you.
