AgentDesk — AI Assistant with Auth0 Token Vault

An AI agent that securely manages your calendar, emails, and GitHub issues through Auth0 Token Vault. Demonstrates least-privilege tokens, step-up authentication via CIBA, and full audit logging.

Comment

🎥 Demo Video

Watch the demo video on Google Drive

Inspiration

AI agents are becoming the backbone of developer productivity — but giving them access to user accounts is a security nightmare. Traditional approaches store raw OAuth tokens, creating massive attack surfaces. We asked: what if agents could act on your behalf without ever seeing your credentials?

What it does

AgentDesk is an AI-powered productivity assistant that securely manages:

  • 📅 Calendar — Schedule meetings via Google Calendar
  • 📧 Email — Draft and send emails via Gmail
  • 🐛 GitHub — Create issues and manage repositories

All powered by Auth0 Token Vault, which ensures:

  • Least-privilege tokens: The agent only gets scoped, time-limited credentials for each specific action
  • Step-up auth (CIBA): Sensitive actions like sending emails require real-time user approval
  • Full audit trail: Every token request and API call is logged

How we built it

  • Next.js 14 with App Router and TypeScript
  • Auth0 Token Vault for secure token management and connected accounts
  • CIBA (Client-Initiated Backchannel Authentication) for human-in-the-loop approvals
  • Tailwind CSS for a polished, dark-mode UI

Token Vault Flow

  1. User connects accounts (Google, GitHub) through Auth0
  2. Token Vault stores refresh tokens securely (encrypted, never exposed)
  3. When the agent needs to act, it requests a scoped token from Token Vault
  4. Token Vault evaluates the permission policy (auto-approve vs step-up)
  5. For sensitive scopes, CIBA triggers user approval
  6. Token Vault issues a time-limited, scope-restricted token
  7. Agent executes the API call
  8. Token expires immediately after use

Challenges we ran into

  • Designing the permission policy engine to be both powerful and intuitive
  • Implementing the CIBA flow with real-time approval/denial feedback
  • Balancing security (step-up auth for everything) with usability (auto-approve low-risk actions)
  • Making the audit log informative without overwhelming users

Accomplishments that we're proud of

  • Clean, production-quality UI with four distinct views (Chat, Accounts, Audit, Permissions)
  • The step-up authentication flow feels natural — not like a security interruption
  • The audit log provides genuine visibility into agent behavior
  • The permission policy engine is flexible enough for enterprise use

What we learned

  • Token Vault fundamentally changes the security model for AI agents
  • CIBA is the right pattern for human-in-the-loop agent authorization
  • Least-privilege tokens are essential — agents should never have persistent access
  • Good UX for security features is just as important as the security itself

What's next for AgentDesk

  • Multi-agent orchestration with per-agent permission policies
  • Webhook integration for async CIBA notifications
  • Token usage analytics dashboard
  • Custom policy editor with natural language rules
  • Integration with more services (Slack, Linear, Notion)

Bonus Blog Post

Building AgentDesk: Why Token Vault Changes Everything for AI Agents

When I started building AgentDesk, I had a simple question: how do you let an AI agent send emails on your behalf without giving it the keys to your entire Google account?

The traditional approach is terrifying. You store OAuth tokens in your database, hand them to the agent, and hope nothing goes wrong. One compromised agent, one leaked token, and suddenly an attacker has full access to your user's Gmail, Calendar, and Drive.

Auth0 Token Vault solves this elegantly. Instead of the agent holding tokens, Token Vault acts as a secure intermediary. When my agent needs to create a calendar event, it requests a scoped token from Token Vault — and gets back a time-limited credential that can only create calendar events. Nothing else. The agent never sees the refresh token, never has persistent access, and the credential expires the moment the API call completes.

The real magic is step-up authentication with CIBA. In AgentDesk, reading your calendar is auto-approved — low risk. But sending an email? That triggers a backchannel authentication request. The user gets a real-time approval prompt, decides yes or no, and only then does Token Vault issue the token. It's human-in-the-loop security without breaking the agent's workflow.

Building the audit log was eye-opening. Every single token request, every scope negotiation, every approval — all logged. For enterprise users, this is gold. You can answer "which agent accessed what data, when, and why?" instantly.

The biggest technical hurdle was designing the permission policy engine. I wanted a system where admins could define per-scope rules (auto-approve, require step-up, always deny) and have Token Vault enforce them automatically. The result is a clean UI where you toggle security levels per action, and Token Vault handles the complexity.

My takeaway: AI agents are inevitable. They'll manage our calendars, write our emails, deploy our code. But without proper token security, we're building on quicksand. Token Vault is the foundation that makes agentic AI trustworthy. It's not just a nice-to-have — it's the difference between "cool demo" and "production-ready."

AgentDesk is open source. Try it, break it, and let me know what you'd build with Token Vault.

Built With

  • auth0-for-ai-agents-sdk
  • auth0-token-vault
  • ciba
  • next.js-14
  • react
  • tailwind-css
  • typescript
Share this project:

Updates