Auth0 Lab

562 posts

Auth0 Lab banner
Auth0 Lab

Auth0 Lab

@Auth0Lab

Exploring the future of identity: https://t.co/zl6VJ52QaD Community Discord: https://t.co/JRJtt0m020

انضم Ekim 2020
8 يتبع2.6K المتابعون
تغريدة مثبتة
Auth0 Lab
Auth0 Lab@Auth0Lab·
Auth0 Lab: UI Components 🚀 - We're excited to share that we've open-sourced our latest experiment on UI components!
English
4
16
43
15.6K
Auth0 Lab أُعيد تغريده
Thorsten Ball
Thorsten Ball@thorstenball·
Someone please solve auth for agents.
English
100
17
289
43.5K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
agent identity and access control is a big problem. openclawd makes it very evident :) a lot moltbook not knowing who is behind usage is that a lot of keys are api keys vs user bound tokens. there's no openclawd account (nor should there be just for its own sake). identity is relevant and necessary depending on use cases. rate limiting is a very common use case to push for identity but the question becomes: what do you limit on? e.g. can someone have 1000 clankers if they are a "real person" and is each unlimited? does a person get a quota and the quota gets split amongst clankers? the identity approach you choose depends on what you need it for. @worldcoin real world identity comes in handy (much like @X verification) because you want to baes it on real world scarcity, not just an agent's "private key" btw @auth0 we’ve done a bunch of stuff with auth0.ai and there is more coming. if you are dealing with agents, auth, identity, access control hmu. would love to chat
Andy@wangandy

Moltbook voting can’t distinguish between • 1 person running 1,000 molts • 1,000 molts run by 1,000 different people Prove ownership over your agent swarms with onemolt.ai using World ID. Platforms can verify incoming molts have a human owner and reject misbehaving swarms.

English
6
3
25
4K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
❤️ seeing another tech company join the "Labs" trend @GoogleLabs was a pioneer and more recently - @cloudflare has "emerging tech" formerly lead by @dok2001 - @GitHubNext at github - @stripe has a team lead by @jeff_weinstein - at Auth0 we have @Auth0Lab and now @AnthropicAI
Anthropic@AnthropicAI

We’re expanding Labs—the team behind Claude Code, MCP, and Cowork—and hiring builders who want to tinker at the frontier of Claude’s capabilities. Read more: anthropic.com/news/introduci…

English
2
3
28
2.9K
Auth0 Lab أُعيد تغريده
Auth0
Auth0@auth0·
Today is a great day for open standards and AI, and at @Auth0, we’re all in on both. We’re excited to join the Agentic AI Foundation (AAIF) with @Okta and keep working with the community to help builders create safer, more capable AI systems.
The Linux Foundation@linuxfoundation

Today we launch the Agentic AI Foundation (AAIF) with project contributions of MCP (@AnthropicAI), goose (@blocks) and AGENTS.md (@OpenAI), creating a shared ecosystem for tools, standards, and community-driven innovation. Learn more about this major step toward: hubs.la/Q03Xvw3v0

English
0
2
9
3.6K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
sign in with @vercel enables every dev to build on top of the AI cloud naturally, builders using @auth0 will be able to support it for their apps @nextjs app with "Sign in with Vercel" 👇. thanks @okbel for the last mile assist! code for `setup_auth0_vercel.sh` in reply
Vercel Developers@vercel_dev

Sign in with Vercel is now generally available. Add Vercel as a sign-in method to your apps with OAuth + OpenID. Try the example app and start building. vercel.com/changelog/sign…

English
1
10
35
7.5K
Auth0 Lab
Auth0 Lab@Auth0Lab·
happy to see a Lab project make it this far! 🥂 to more success
yenkel@yenkel

some exciting news 🗞️ 5 years ago we set out to redefine how devs approach authorization at scale, and a few months later decided to open source the core of @auth0 FGA and donate it to @CloudNativeFdn I am humbled by what has happened since. the project we created is being used by companies like @grafana, @sourcegraph, @canonical and @docker … and now exciting news: @openfga has reached CNCF incubation stage!! congratulations to @aaguiar and the rest of the OpenFGA commmunity for this amazing milestone!

English
1
0
5
1.5K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
another year, another @auth0lab team offsite (+ featured guests) extremely happy and grateful to have met these folks 10+ years ago and to continue working with them ❤️ we miss you @woloski
yenkel tweet media
English
6
2
39
2.7K
Auth0 Lab أُعيد تغريده
Sandrino Di Mattia
Sandrino Di Mattia@sandrinodm·
🚀 Just launched: aistandards.directory The ecosystem of agentic AI protocols and standards is expanding rapidly: MCP, A2A, AP2, XAA... Things are moving fast. This directory helps you keep up.
English
1
4
11
1.8K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
there are many issues here one or them the tool is doing auth via hardcoded api keys, not getting tokens scoped to users per tx (eg via oauth) @auth0 can help address this, both token vault and potentially async authz (depending on implementation)
Michael Bargury@mbrg0

we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA @tamirishaysh

English
1
2
5
1.6K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
if you look at the ChatGPT agent demo, you quickly realize it needs to log into sites on your behalf to get stuff done @auth0 we are working on solving this problem, securely hmu if you want to chat, DMs are open
yenkel tweet media
Sam Altman@sama

Today we launched a new product called ChatGPT Agent. Agent represents a new level of capability for AI systems and can accomplish some remarkable, complex tasks for you using its own computer. It combines the spirit of Deep Research and Operator, but is more powerful than that may sound—it can think for a long time, use some tools, think some more, take some actions, think some more, etc. For example, we showed a demo in our launch of preparing for a friend’s wedding: buying an outfit, booking travel, choosing a gift, etc. We also showed an example of analyzing data and creating a presentation for work. Although the utility is significant, so are the potential risks. We have built a lot of safeguards and warnings into it, and broader mitigations than we’ve ever developed before from robust training to system safeguards to user controls, but we can’t anticipate everything. In the spirit of iterative deployment, we are going to warn users heavily and give users freedom to take actions carefully if they want to. I would explain this to my own family as cutting edge and experimental; a chance to try the future, but not something I’d yet use for high-stakes uses or with a lot of personal information until we have a chance to study and improve it in the wild. We don’t know exactly what the impacts are going to be, but bad actors may try to “trick” users’ AI agents into giving private information they shouldn’t and take actions they shouldn’t, in ways we can’t predict. We recommend giving agents the minimum access required to complete a task to reduce privacy and security risks. For example, I can give Agent access to my calendar to find a time that works for a group dinner. But I don’t need to give it any access if I’m just asking it to buy me some clothes. There is more risk in tasks like “Look at my emails that came in overnight and do whatever you need to do to address them, don’t ask any follow up questions”. This could lead to untrusted content from a malicious email tricking the model into leaking your data. We think it’s important to begin learning from contact with reality, and that people adopt these tools carefully and slowly as we better quantify and mitigate the potential risks involved. As with other new levels of capability, society, the technology, and the risk mitigation strategy will need to co-evolve.

English
2
6
21
4.5K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
if you are are an @auth0 customer and want to allow web AI agents (like @OpenAI Operator) to access your site securely and do stuff on behalf of users, DM me working on something ;)
English
2
1
10
1.8K
Auth0 Lab
Auth0 Lab@Auth0Lab·
come join us!
yenkel@yenkel

📣 Big announcement & unique opportunity: We are hiring @auth0lab for the first time ever. Looking for a very senior and hands-on person that loves identity, AI, dev experience and cloud to join the team. This is a remote 🇺🇸 or 🇨🇦 position 🙏please share for reach Details 👇 The team Our team has had a big role shaping the identity industry. We were all early @auth0, which shaped how devs do authentication. And as part of @auth0lab we incubated Auth0 FGA[1] & @openfga which redefined how authorization is done across the industry. Our current focus is enabling builders and companies of any size to ship production grade GenAI apps and agents, by helping them with identity and security. We incubated Auth for GenAI[2], and we have a few more ideas around this that we are currently working on :) Join our team to have fun learning and collaborating with a great group of people, while having the opportunity to shape a huge industry: how developers everywhere implement auth! What you'll be doing We are looking for a very senior, knowledgeable Principal Architect that both wants to be hands on and think about the industry big picture at the same time: ⚡️ Implement proof of concepts and demos of new products, features or standard implementations in our products. We have a dedicated environment for these here. 🏭 Lead industry wide efforts and protocols (e.g. MCP, A2A) around identity with recommendations, samples, SDKs 🔍 Implement samples and SDKs to make it easy to use Auth0 capabilities 💡 Research market adjacencies to inform company strategy, m&a decisions and future investment ideas What you'll bring to the role 🧠 You love to learn and are able to do so quickly 💻 You know how computers work and can apply that to solve hard problems, period. 🤔 You constantly strive to hit the right balance between simplicity and flexibility 💬 You have a talent to grok customer's needs and continuously iterate on your understanding of a problem space based on their feedback, industry trends and available technology 👥 You are able to work in a team environment, have good communication skills and understand the value of collaboration 💡 Nice to have: can design and architect large scale distributed systems 💰 Understand the cost implications of cloud systems you design 👨‍💻 Have 15+ years of software development experience 👨‍💻 Have 5+ years of identity experience and working on cloud services 👨‍💻 Have 3+ years of experience working in developer tooling or strong passion and demonstrable taste for it Intersted? You can find the link to apply in the reply. Have questions? My DMs are open [1] fga. dev [2] auth0. ai

English
0
0
5
450
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
want some feedback 🙏 I’ve been thinking about auth for AI agent interactions for a while. think client agent -> server agent came up with a set of 6 problems to solve in question form 👇 are these right? what other important ones are missing? 1️⃣ Authentication: How does the server agent know who is trying to perform an action? 2️⃣ Delegation: Is the agent acting on its behalf, or on behalf of a user? On behalf of another agent? 3️⃣ Consent: If the client is acting on behalf of a user, how does the user consent to this operation? 4️⃣ Authorization: How does the server agent know if the caller can perform the action (e.g., call a specific tool)? If the client is acting on behalf of a user, is the user authorized to perform this action? 5️⃣ Auth for headless agents (agents without a UI): How should AI agents without a UI authenticate users? 6️⃣ Fine-grained authorization: How do we ensure AI agents only have the permissions they need to perform their task, and not more?
yenkel tweet media
English
18
5
30
4.5K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
Auth doesn't help create 🔥 AI demos. but it does help make your AI agent prod ready this is why we @auth0 are partnering with @googlecloud to secure Agent2Agent (A2A) authentication What's the Agent2Agent protocol? A2A is a new open interoperability protocol created by @googlecloud, and launched a month ago, with support and contributions from 60+ companies. It aims to allow agents to communicate with other agents regardless of their implementation framework or tech stack. For example, a “client” agent should be able to communicate with server agents implemented with @langchain LangGraph, @crewAIInc, @vercel @aisdk, @CloudflareDev agents SDK, and any other agentic framework, or any agent implemented without one. Why is auth important for AI Agents? As companies and devs deploy AI agents into production, interactions between these agents will be common. And naturally, these interactions need to be secure. Auth is a big part of security. What are we partnering on? A2A is being designed to support enterprise-grade authentication and authorization from day one. We are working with @googlecloud to define A2A auth specs based on secure standards and build SDKs and code samples that showcase A2A auth capabilities, including how to integrate A2A with @auth0 and our new product Auth for GenAI, providing both great security and great auth UX. Headless agent auth One thing we have also been exploring with the Google Cloud team is how agents that don't have a UI (“headless agents”) should authenticate users. For these scenarios, we believe the Client Initiated Backchannel Authentication (CIBA) flow will be a very valuable tool for developers and architects. CIBA is an OpenID Connect flow that does not rely on redirects in the user's browser. Instead, Agents can reach out to users outside via push notification, email, SMS, etc., for them to authenticate. A Working Sample Enough chat, let's see a demo :) Imagine a scenario where: 1. John Doe, who works at Staff0, wants to open a bank account by talking to a chatbot agent 2. Because of internal policies, the bank agent needs to verify that the user is an employee at Staff0, so it contacts the Staff0 HR agent. 3. The Staff0 HR agent can use the Staff0 HR API to check if the user is an employee or not. We've worked with the Google Cloud A2A team to build a demo showcasing these capabilities 👇 Link to repo and full blog post with more details in reply
English
7
16
79
8.1K
Auth0 Lab أُعيد تغريده
yenkel
yenkel@yenkel·
🚨big MCP news! new auth spec is in. how does it work? 4️⃣ steps the MCP server is now a "resource server" in oauth parlance (think API), so: 1️⃣ MCP client makes first request to MCP server 2️⃣ MCP server tells clients how they can authenticate to it with a file like this 👇 at a well known location 3️⃣ the MCP client then reaches out to authorization_servers to authenticate and obtain credentials (think a jwt access token, could be others) side note: @auth0 we are looking forward to being used as the authorization server for a lot of MCP servers. if you are interested in protecting your MCP server with @auth0 DM me :) 4️⃣ the MCP client then calls MCP server tools authenticating with the credentials from 3️⃣ this was a great industry wide collaboration that greatly improves the protocol! big 👏 to @dsp_ for shepherding this through blog post from Den Delimarsky with more details about the protocols involved in reply (I took the screenshot from it)
yenkel tweet media
English
12
20
73
16.7K

اكتشف

@worldcoin @X @auth0 @GoogleLabs @Cloudflare @dok2001 @GitHubNext @stripe