Text Description

RRive is an AI-powered agentic platform that lets users search GitHub repositories, get intelligent summaries powered by Sarvam AI, and save those summaries as PDFs directly to their Google Drive - all with explicit user authorization at every step.

How Token Vault is Used

Token Vault is the core security layer of this application. Instead of storing Google OAuth tokens in the browser or database, Auth0 Token Vault securely manages them server-side. When a user logs in with Google, the app initiates the Connected Accounts flow via Auth0’s My Account API, which stores the Google access and refresh tokens in Token Vault. When the agent needs to save a file to Google Drive, the backend performs a refresh token exchange with Token Vault to retrieve a fresh Google access token - the token never touches the frontend.

Agent Capabilities

  • Search GitHub repositories by topic and browse top results by stars
  • Summarize any specific GitHub repository using its README via AI
  • Answer general knowledge questions via Sarvam AI
  • Save any AI-generated summary or answer as a PDF to Google Drive
  • Browse all previously saved PDFs from within the app via the Saved Files panel

Auth Flow

The application uses an Auth0 Regular Web Application with the Authorization Code Flow. After login, the Connected Accounts flow links the user's Google account to their Auth0 profile, and Token Vault stores the Google tokens. On Drive operations, the backend exchanges the Auth0 refresh token for a Google access token via Token Vault's federated connection token exchange - no Google credentials ever reach the browser.
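A sketch of the backend exchange described under "How Token Vault is Used" and "Auth Flow", added here as an illustration and not taken from RRive's code. The grant type and parameter names come from Auth0's Token Vault documentation rather than from this page; the domain, client credentials, session key, `upload` callable and all function names are placeholders.

```python
import json
import urllib.request

# Constants from Auth0's Token Vault documentation (assumption: not stated on this page).
GRANT = "urn:auth0:params:oauth:grant-type:token-exchange:federated-connection-access-token"
SUBJECT_TYPE = "urn:ietf:params:oauth:token-type:refresh_token"
REQUESTED_TYPE = "http://auth0.com/oauth/token-type/federated-connection-access-token"


def build_exchange(client_id, client_secret, auth0_refresh_token, connection="google-oauth2"):
    """Body of the POST /oauth/token call the backend sends to Auth0."""
    return {
        "grant_type": GRANT,
        "client_id": client_id,
        "client_secret": client_secret,          # confidential client: backend only
        "subject_token": auth0_refresh_token,    # Auth0 refresh token, not a Google one
        "subject_token_type": SUBJECT_TYPE,
        "requested_token_type": REQUESTED_TYPE,
        "connection": connection,
    }


def http_post_json(url, body):
    """Default transport: a real HTTPS POST. Tests inject a fake instead."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def google_token_for(session, domain, client_id, client_secret, post=http_post_json):
    """Exchange the session's Auth0 refresh token for a Google access token."""
    refresh = session.get("auth0_refresh_token")  # hypothetical server-side session key
    if not refresh:
        raise PermissionError("no server-side session or account not connected")
    reply = post(f"https://{domain}/oauth/token",
                 build_exchange(client_id, client_secret, refresh))
    token = reply.get("access_token")
    if not token:
        raise PermissionError(reply.get("error", "exchange_failed"))
    return token


def save_to_drive(session, upload, domain, client_id, client_secret, post=http_post_json):
    """Handler logic: the Google token is used server-side and then dropped."""
    token = google_token_for(session, domain, client_id, client_secret, post)
    file_id = upload(token)                       # hypothetical Drive upload callable
    return {"status": "saved", "file_id": file_id}  # response carries no token
```

The browser only ever sees the returned status object; the session cookie identifies the user, and both the Auth0 refresh token and the Google access token stay in backend memory.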


Bonus Blog Post

Inspiration

We are Nisha and Yash, a two-person team - Nisha handling frontend and Yash handling backend - with both of us navigating Auth0 and Google Cloud Console together. RRive is our first full-stack deployed application, and honestly, it pushed us far beyond anything we had built before. We joined the hackathon around March 20th - more than two weeks late. Hectic schedules, sleepless nights, and an ambitious idea: an AI agent that searches GitHub, summarizes repositories, and saves them to Google Drive, all secured with Token Vault.

What it does

An AI agent that searches GitHub, summarizes repositories, and saves them to Google Drive. The architecture we built is a reusable foundation for any AI agent that needs to act on a user's behalf across multiple services, securely and transparently.

How we built it

The project utilizes FastAPI for the backend and Vite-React for the frontend, deployed on Render and Vercel respectively. We navigated Auth0 and Google Cloud Console together to implement a production-grade authentication system. We used Token Vault to fundamentally change the security model; instead of agents holding credentials directly, Token Vault acts as a secure intermediary where the agent requests access, the user consents explicitly, and tokens never leave the server.

Challenges we ran into

The biggest challenge came early. We had built our authentication on a Single Page Application in Auth0, not knowing Token Vault was supported on Regular Web Applications. When we discovered this, we had to migrate our entire authentication codebase from the frontend to the backend - rewriting Auth0 logic, replacing Bearer token verification with server-side sessions, and restructuring how the frontend communicated with FastAPI. For us, this was our first real experience of what migration actually means in software development. Implementing the Connected Accounts flow was another steep climb. Understanding how Token Vault stores Google OAuth tokens, how the My Account API initiates the consent flow, and how the refresh token exchange retrieves Google access tokens - all of this was completely new territory.

Accomplishments that we're proud of

This project gave us deep, practical knowledge of OAuth flows, token security, and what it means to build a production-grade auth system. We are proud of what we built and even more proud of what we now understand. This hackathon was our most intense learning experience yet.

What we learned

We learned that Token Vault fundamentally changes the security model for AI agents. This pattern is exactly what responsible AI agent authorization should look like. Auth0 was something we had heard about through Okta but never truly understood until now. We now understand that migration in software development is tiring and frustrating, but one of the most valuable things we have ever learned.

What's next for RRive

Looking ahead, RRive can scale significantly. The same Token Vault pattern can extend to Google Calendar for scheduling, Gmail for email automation, GitHub API for creating issues or pull requests, and Slack for team notifications - all with the same explicit user consent model.
