Tweet épinglé
Auth0 Lab
562 posts
Auth0 Lab
@Auth0Lab
Exploring the future of identity: https://t.co/zl6VJ52QaD Community Discord: https://t.co/JRJtt0m020
Inscrit le Ekim 2020
8 Abonnements2.6K Abonnés
new experiment, check it out!
yenkel@yenkel
your users want agents that know about them. their past chats, preferences, habits, needs, etc. so we've been experimenting with agent memory at @Auth0. to enable you to build agents that act on users' behalf, the way your users expect interested? DM me or @jcenturion86
English
Auth0 Lab retweeté
Auth0 Lab retweeté
agent identity and access control is a big problem. openclawd makes it very evident :)
a lot moltbook not knowing who is behind usage is that a lot of keys are api keys vs user bound tokens.
there's no openclawd account (nor should there be just for its own sake). identity is relevant and necessary depending on use cases. rate limiting is a very common use case to push for identity
but the question becomes: what do you limit on? e.g. can someone have 1000 clankers if they are a "real person" and is each unlimited? does a person get a quota and the quota gets split amongst clankers?
the identity approach you choose depends on what you need it for. @worldcoin real world identity comes in handy (much like @X verification) because you want to baes it on real world scarcity, not just an agent's "private key"
btw @auth0 we’ve done a bunch of stuff with auth0.ai and there is more coming. if you are dealing with agents, auth, identity, access control hmu. would love to chat
Andy@wangandy
Moltbook voting can’t distinguish between • 1 person running 1,000 molts • 1,000 molts run by 1,000 different people Prove ownership over your agent swarms with onemolt.ai using World ID. Platforms can verify incoming molts have a human owner and reject misbehaving swarms.
English
Auth0 Lab retweeté
❤️ seeing another tech company join the "Labs" trend @GoogleLabs was a pioneer and more recently
- @cloudflare has "emerging tech" formerly lead by @dok2001
- @GitHubNext at github
- @stripe has a team lead by @jeff_weinstein
- at Auth0 we have @Auth0Lab
and now @AnthropicAI
Anthropic@AnthropicAI
We’re expanding Labs—the team behind Claude Code, MCP, and Cowork—and hiring builders who want to tinker at the frontier of Claude’s capabilities. Read more: anthropic.com/news/introduci…
English
Auth0 Lab retweeté
Today is a great day for open standards and AI, and at @Auth0, we’re all in on both.
We’re excited to join the Agentic AI Foundation (AAIF) with @Okta and keep working with the community to help builders create safer, more capable AI systems.
The Linux Foundation@linuxfoundation
Today we launch the Agentic AI Foundation (AAIF) with project contributions of MCP (@AnthropicAI), goose (@blocks) and AGENTS.md (@OpenAI), creating a shared ecosystem for tools, standards, and community-driven innovation. Learn more about this major step toward: hubs.la/Q03Xvw3v0
English
Auth0 Lab retweeté
sign in with @vercel enables every dev to build on top of the AI cloud
naturally, builders using @auth0 will be able to support it for their apps
@nextjs app with "Sign in with Vercel" 👇. thanks @okbel for the last mile assist!
code for `setup_auth0_vercel.sh` in reply
Vercel Developers@vercel_dev
Sign in with Vercel is now generally available. Add Vercel as a sign-in method to your apps with OAuth + OpenID. Try the example app and start building. vercel.com/changelog/sign…
English
can’t wait! we have a bunch of cool experiments planned for 2026
stay tuned!
yenkel@yenkel
an amazing engineer just signed an offer to join the @Auth0Lab team super excited! smart guy, good person, ships a lot, loves to code. excited for what he’ll bring to the team great way to wrap up the week. cheers 🥃
English
from the Lab 🧪 to GA🎉
looking forward to seeing companies of all sizes secure their AI apps and agents with @auth0
Auth0@auth0
Auth0 for AI Agents is GA. Smart agents are easy. Trusted agents are what matter. 🔐 User Auth, Token Vault, Async Auth, FGA for RAG — all built for secure, production AI. Learn more here 👇 bit.ly/4oaOZtV
English
happy to see a Lab project make it this far! 🥂 to more success
yenkel@yenkel
some exciting news 🗞️ 5 years ago we set out to redefine how devs approach authorization at scale, and a few months later decided to open source the core of @auth0 FGA and donate it to @CloudNativeFdn I am humbled by what has happened since. the project we created is being used by companies like @grafana, @sourcegraph, @canonical and @docker … and now exciting news: @openfga has reached CNCF incubation stage!! congratulations to @aaguiar and the rest of the OpenFGA commmunity for this amazing milestone!
English
Auth0 Lab retweeté
Auth0 Lab retweeté
🚀 Just launched: aistandards.directory
The ecosystem of agentic AI protocols and standards is expanding rapidly: MCP, A2A, AP2, XAA... Things are moving fast. This directory helps you keep up.
English
Auth0 Lab retweeté
there are many issues here
one or them the tool is doing auth via hardcoded api keys, not getting tokens scoped to users per tx (eg via oauth)
@auth0 can help address this, both token vault and potentially async authz (depending on implementation)
Michael Bargury@mbrg0
we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA @tamirishaysh
English
Auth0 Lab retweeté
if you look at the ChatGPT agent demo, you quickly realize it needs to log into sites on your behalf to get stuff done
@auth0 we are working on solving this problem, securely
hmu if you want to chat, DMs are open
Sam Altman@sama
Today we launched a new product called ChatGPT Agent. Agent represents a new level of capability for AI systems and can accomplish some remarkable, complex tasks for you using its own computer. It combines the spirit of Deep Research and Operator, but is more powerful than that may sound—it can think for a long time, use some tools, think some more, take some actions, think some more, etc. For example, we showed a demo in our launch of preparing for a friend’s wedding: buying an outfit, booking travel, choosing a gift, etc. We also showed an example of analyzing data and creating a presentation for work. Although the utility is significant, so are the potential risks. We have built a lot of safeguards and warnings into it, and broader mitigations than we’ve ever developed before from robust training to system safeguards to user controls, but we can’t anticipate everything. In the spirit of iterative deployment, we are going to warn users heavily and give users freedom to take actions carefully if they want to. I would explain this to my own family as cutting edge and experimental; a chance to try the future, but not something I’d yet use for high-stakes uses or with a lot of personal information until we have a chance to study and improve it in the wild. We don’t know exactly what the impacts are going to be, but bad actors may try to “trick” users’ AI agents into giving private information they shouldn’t and take actions they shouldn’t, in ways we can’t predict. We recommend giving agents the minimum access required to complete a task to reduce privacy and security risks. For example, I can give Agent access to my calendar to find a time that works for a group dinner. But I don’t need to give it any access if I’m just asking it to buy me some clothes. There is more risk in tasks like “Look at my emails that came in overnight and do whatever you need to do to address them, don’t ask any follow up questions”. This could lead to untrusted content from a malicious email tricking the model into leaking your data. We think it’s important to begin learning from contact with reality, and that people adopt these tools carefully and slowly as we better quantify and mitigate the potential risks involved. As with other new levels of capability, society, the technology, and the risk mitigation strategy will need to co-evolve.
English
Auth0 Lab retweeté
come join us!
yenkel@yenkel
📣 Big announcement & unique opportunity: We are hiring @auth0lab for the first time ever. Looking for a very senior and hands-on person that loves identity, AI, dev experience and cloud to join the team. This is a remote 🇺🇸 or 🇨🇦 position 🙏please share for reach Details 👇 The team Our team has had a big role shaping the identity industry. We were all early @auth0, which shaped how devs do authentication. And as part of @auth0lab we incubated Auth0 FGA[1] & @openfga which redefined how authorization is done across the industry. Our current focus is enabling builders and companies of any size to ship production grade GenAI apps and agents, by helping them with identity and security. We incubated Auth for GenAI[2], and we have a few more ideas around this that we are currently working on :) Join our team to have fun learning and collaborating with a great group of people, while having the opportunity to shape a huge industry: how developers everywhere implement auth! What you'll be doing We are looking for a very senior, knowledgeable Principal Architect that both wants to be hands on and think about the industry big picture at the same time: ⚡️ Implement proof of concepts and demos of new products, features or standard implementations in our products. We have a dedicated environment for these here. 🏭 Lead industry wide efforts and protocols (e.g. MCP, A2A) around identity with recommendations, samples, SDKs 🔍 Implement samples and SDKs to make it easy to use Auth0 capabilities 💡 Research market adjacencies to inform company strategy, m&a decisions and future investment ideas What you'll bring to the role 🧠 You love to learn and are able to do so quickly 💻 You know how computers work and can apply that to solve hard problems, period. 🤔 You constantly strive to hit the right balance between simplicity and flexibility 💬 You have a talent to grok customer's needs and continuously iterate on your understanding of a problem space based on their feedback, industry trends and available technology 👥 You are able to work in a team environment, have good communication skills and understand the value of collaboration 💡 Nice to have: can design and architect large scale distributed systems 💰 Understand the cost implications of cloud systems you design 👨💻 Have 15+ years of software development experience 👨💻 Have 5+ years of identity experience and working on cloud services 👨💻 Have 3+ years of experience working in developer tooling or strong passion and demonstrable taste for it Intersted? You can find the link to apply in the reply. Have questions? My DMs are open [1] fga. dev [2] auth0. ai
English
Auth0 Lab retweeté
want some feedback 🙏
I’ve been thinking about auth for AI agent interactions for a while. think
client agent -> server agent
came up with a set of 6 problems to solve in question form 👇
are these right? what other important ones are missing?
1️⃣ Authentication: How does the server agent know who is trying to perform an action?
2️⃣ Delegation: Is the agent acting on its behalf, or on behalf of a user? On behalf of another agent?
3️⃣ Consent: If the client is acting on behalf of a user, how does the user consent to this operation?
4️⃣ Authorization: How does the server agent know if the caller can perform the action (e.g., call a specific tool)? If the client is acting on behalf of a user, is the user authorized to perform this action?
5️⃣ Auth for headless agents (agents without a UI): How should AI agents without a UI authenticate users?
6️⃣ Fine-grained authorization: How do we ensure AI agents only have the permissions they need to perform their task, and not more?
English
Auth0 Lab retweeté
Auth doesn't help create 🔥 AI demos. but it does help make your AI agent prod ready
this is why we @auth0 are partnering with @googlecloud to secure Agent2Agent (A2A) authentication
What's the Agent2Agent protocol?
A2A is a new open interoperability protocol created by @googlecloud, and launched a month ago, with support and contributions from 60+ companies.
It aims to allow agents to communicate with other agents regardless of their implementation framework or tech stack. For example, a “client” agent should be able to communicate with server agents implemented with @langchain LangGraph, @crewAIInc, @vercel @aisdk, @CloudflareDev agents SDK, and any other agentic framework, or any agent implemented without one.
Why is auth important for AI Agents?
As companies and devs deploy AI agents into production, interactions between these agents will be common. And naturally, these interactions need to be secure. Auth is a big part of security.
What are we partnering on?
A2A is being designed to support enterprise-grade authentication and authorization from day one.
We are working with @googlecloud to define A2A auth specs based on secure standards and build SDKs and code samples that showcase A2A auth capabilities, including how to integrate A2A with @auth0 and our new product Auth for GenAI, providing both great security and great auth UX.
Headless agent auth
One thing we have also been exploring with the Google Cloud team is how agents that don't have a UI (“headless agents”) should authenticate users. For these scenarios, we believe the Client Initiated Backchannel Authentication (CIBA) flow will be a very valuable tool for developers and architects. CIBA is an OpenID Connect flow that does not rely on redirects in the user's browser. Instead, Agents can reach out to users outside via push notification, email, SMS, etc., for them to authenticate.
A Working Sample
Enough chat, let's see a demo :)
Imagine a scenario where:
1. John Doe, who works at Staff0, wants to open a bank account by talking to a chatbot agent
2. Because of internal policies, the bank agent needs to verify that the user is an employee at Staff0, so it contacts the Staff0 HR agent.
3. The Staff0 HR agent can use the Staff0 HR API to check if the user is an employee or not.
We've worked with the Google Cloud A2A team to build a demo showcasing these capabilities 👇
Link to repo and full blog post with more details in reply
English
Auth0 Lab retweeté
🚨big MCP news!
new auth spec is in. how does it work? 4️⃣ steps
the MCP server is now a "resource server" in oauth parlance (think API), so:
1️⃣ MCP client makes first request to MCP server
2️⃣ MCP server tells clients how they can authenticate to it with a file like this 👇 at a well known location
3️⃣ the MCP client then reaches out to authorization_servers to authenticate and obtain credentials (think a jwt access token, could be others)
side note: @auth0 we are looking forward to being used as the authorization server for a lot of MCP servers. if you are interested in protecting your MCP server with @auth0 DM me :)
4️⃣ the MCP client then calls MCP server tools authenticating with the credentials from 3️⃣
this was a great industry wide collaboration that greatly improves the protocol! big 👏 to @dsp_ for shepherding this through
blog post from Den Delimarsky with more details about the protocols involved in reply (I took the screenshot from it)
English