Auth for GenAI enables AI agents to asynchronously authorize users using the Client-Initiated Backchannel Authentication Flow (CIBA). AI agents can work in the background, only notifying the user when needed for critical actions. When you add secure human-in-the-loop approvals to your AI agent workflows, you can use Auth0 to request the user’s permission to complete an authorization request. The AI agent can render rich authorization data in the consent prompt so the user knows exactly what they’re authorizing. By the end of this quickstart, you should have an AI agent integrated with the Auth0 AI SDK that can request to buy products from an online shop on the user’s behalf.

Pick your tech stack

Prerequisites

Before getting started, make sure you have completed the following steps:
1

Create an Auth0 Account

To continue with this quickstart, you need to have an Auth0 account.
2

Create an Auth0 Application

Go to your Auth0 Dashboard to create a new Auth0 Application.
  • Navigate to Applications > Applications in the left sidebar.
  • Click the Create Application button in the top right.
  • In the pop-up select Regular Web Applications and click Create.
  • Once the Application is created, switch to the Settings tab.
  • Scroll down to the Application URIs section.
  • Set Allowed Callback URLs as: http://localhost:3000/auth/callback
  • Set Allowed Logout URLs as: http://localhost:3000
  • Click Save in the bottom right to save your changes.
To learn more about Auth0 applications, read Applications.
3

Enable CIBA Grant

Enable the CIBA Grant for your Auth0 Application. Go to Applications > [Your Application] > Settings > Advanced > Grant Types and enable the Client Initiated Backchannel Authentication (CIBA) grant type.
4

Enable Guardian Push

Enable Mutli-factor authentication (MFA) with Guardian Push Notifications for your Auth0 tenant. To learn more about MFA with Guardian, read the Auth0 Guardian documentation.
5

Enroll your user to use Auth0 Guardian

To initiate a CIBA push request, the authorizing user must be enrolled in MFA using push notifications. To verify if the authorizing user is enrolled for MFA push notifications in the Auth0 Dashboard, navigate to User Management > Users and click on the user. Under Multi-Factor Authentication, Auth0 lists the factors the user is enrolled in:
User Enrolled in Auth0 Guardian
If the user is not enrolled, you can send an enrollment request by email:
Enable Guardian Push Screenshot
6

OpenAI Platform

Set up an OpenAI account and API key.

Prepare Next.js app

Recommended: To use a starter template, clone the Auth0 AI samples repository:
git clone https://github.com/auth0-samples/auth0-ai-samples.git
cd auth0-ai-samples/authenticate-users/langchain-next-js

Install dependencies

In the root directory of your project, install the following dependencies:
  • @auth0/ai-langchain: Auth0 AI SDK for LangChain built for GenAI applications powered by LangChain.
  • @langchain/langgraph: For building stateful, multi-actor applications with LLMs.
  • langchain: The LangChain library.
  • @langchain/core: LangChain core libraries.
  • @langchain/openai: OpenAI provider for LangChain.
  • langgraph-nextjs-api-passthrough: API passthrough for LangGraph.
npm install @auth0/ai-langchain@3 @langchain/core@0.3 @langchain/langgraph@0.3 @langchain/openai@0.6 langchain@0.3 langgraph-nextjs-api-passthrough@0.1

Update the environment file

Copy the .env.example file to .env.local and update the variables with your Auth0 credentials. You can find your Auth0 domain, client ID, and client secret in the application you created in the Auth0 Dashboard.

Set up Human-in-the-Loop approvals

Integrate the Auth0 AI SDK into your application to secure your async AI agent workflow. For this quickstart, we will use a blocking request flow. In real use cases, often an asynchronous flow is preferred.

Configure the Auth0 AI SDK

To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, withAsyncUserConfirmation(). Let’s create a helper function to wrap the tool with the Async authorizer.Create a file at src/lib/auth0-ai.ts and instantiate a new Auth0 AI SDK client:
src/lib/auth0-ai.ts
import { Auth0AI } from "@auth0/ai-langchain";
import { AccessDeniedInterrupt } from "@auth0/ai/interrupts";

const auth0AI = new Auth0AI();

// CIBA flow for user confirmation
export const withAsyncAuthorization = auth0AI.withAsyncUserConfirmation({
  userID: async (_params, config) => {
    return config?.configurable?._credentials?.user?.sub;
  },
  bindingMessage: async ({ product, qty }) =>
    `Do you want to buy ${qty} ${product}`,
  scopes: ["openid", "product:buy"], // add any scopes you want to use with your API
  audience: process.env["SHOP_API_AUDIENCE"]!,

  /**
   * When this flag is set to `block`, the execution of the tool awaits
   * until the user approves or rejects the request.
   *
   * Given the asynchronous nature of the CIBA flow, this mode
   * is only useful during development.
   *
   * In practice, the process that is awaiting the user confirmation
   * could crash or timeout before the user approves the request.
   */
  onAuthorizationRequest: "block",
  onUnauthorized: async (e: Error) => {
    if (e instanceof AccessDeniedInterrupt) {
      return "The user has denied the request";
    }
    return e.message;
  },
});
This will intercept the tool call to initiate a CIBA request:
  • The CIBA request includes the user ID that will approve the request.
  • Auth0 sends the user a mobile push notification. The AI agent polls the /token endpoint for a user response.
  • The mobile application retrieves the bindingMessage containing the consent details, in this case, the details of the product to purchase.
  • The user responds to the request:
    • If the request is approved, the tool execution will continue.
    • If the request is rejected, the tool execution will not continue.
CIBA sequence diagram

Pass credentials to the tools

Next, add the following code to src/lib/auth0.ts:
src/lib/auth0.ts
//... existing code
export const getUser = async () => {
  const session = await auth0.getSession();
  return session?.user;
};
Update the /src/app/api/chat/[..._path]/route.ts file with the following code. The user will be passed to your LangGraph agent so we can use it from the Auth0 AI SDK to get the current user.
src/app/api/chat/[..._path]/route.ts
import { initApiPassthrough } from "langgraph-nextjs-api-passthrough";

import { getUser } from "@/lib/auth0";

export const { GET, POST, PUT, PATCH, DELETE, OPTIONS, runtime } =
  initApiPassthrough({
    apiUrl: process.env.LANGGRAPH_API_URL,
    baseRoute: "chat/",
    bodyParameters: async (req, body) => {
      if (
        req.nextUrl.pathname.endsWith("/runs/stream") &&
        req.method === "POST"
      ) {
        return {
          ...body,
          config: {
            configurable: {
              _credentials: {
                user: await getUser(),
              },
            },
          },
        };
      }

      return body;
    },
  });

Create a tool to call your API

In this example, we use a tool that buys products on the user’s behalf. When the user approves the transaction, the Auth0 AI SDK retrieves an access token to call the shop’s API. Upon completing the CIBA flow, the AI agent responds with a message confirming the purchase. The Auth0 AI SDK returns an error response if the user denies the transaction.Now, create a file src/lib/tools/shop-online.ts and add the following code:
src/lib/tools/shop-online.ts
import { tool } from "@langchain/core/tools";
import { z } from "zod";

import { getCIBACredentials } from "@auth0/ai-langchain";

export const shopOnlineTool = tool(
  async ({ product, qty, priceLimit }) => {
    console.log(`Ordering ${qty} ${product} with price limit ${priceLimit}`);

    const apiUrl = process.env["SHOP_API_URL"]!;

    if (!apiUrl) {
      // No API set, mock a response
      return `Ordered ${qty} ${product}`;
    }

    const headers = {
      "Content-Type": "application/json",
      Authorization: "",
    };
    const body = {
      product,
      qty,
      priceLimit,
    };

    const credentials = getCIBACredentials();
    const accessToken = credentials?.accessToken;

    if (accessToken) {
      headers["Authorization"] = "Bearer " + accessToken;
    }

    const response = await fetch(apiUrl, {
      method: "POST",
      headers: headers,
      body: JSON.stringify(body),
    });

    return response.statusText;
  },
  {
    name: "shop_online",
    description: "Tool to buy products online",
    schema: z.object({
      product: z.string(),
      qty: z.number(),
      priceLimit: z.number().optional(),
    }),
  }
);

Update environment variables

You need to obtain an API Key from OpenAI or another provider to use an LLM.If you want to use an API, it must be registered with Auth0 and have a valid audience.Update the .env.local file with the following variables:
.env.local
# ... existing variables
# You can use any provider of your choice supported by Vercel AI
OPENAI_API_KEY="YOUR_API_KEY"

# API
SHOP_API_URL=<your-shop-api-url>
SHOP_API_AUDIENCE=sample-shop-api

Require async authorization for your tool

Call the tool from your AI app to make purchases. Update the src/lib/agent.ts file with the following code:
src/lib/agent.ts
//...
import { withAsyncAuthorization } from "./auth0-ai";
import { shopOnlineTool } from "./tools/shop-online";

//... existing code

const tools = [
  //... existing tools
  withAsyncAuthorization(shopOnlineTool),
];

//... existing code

Test the application

Start the application with npm run all:dev. Then, navigate to http://localhost:3000.
This will open the LangGraph Studio in a new tab. You can close it as we won’t require it for testing the application.
You can ask the AI agent to buy a product, for example, “Buy an XYZ phone.” Now, look for a push notification from the Auth0 Guardian app or your custom app integrated with the Auth0 Guardian SDK on your mobile device. Once you approve the notification, you should see the tool being executed and a response from the agent.Explore the example app on GitHub.

Next steps

You have successfully added an authorization step to protect tool calling in asynchronous AI agents. For next steps: