Inspiration

Managing personal finances is stressful. Between checking account balances, tracking upcoming bills, and avoiding late payments — it's a lot to juggle. We wanted to build an AI agent that could handle all of this for you, but in a way that feels safe and trustworthy. The Auth0 "Authorized to Act" Hackathon was the perfect prompt: what if an AI could act on your behalf, but only within strict boundaries you control?

What it does

FinEasy is an AI-powered personal finance agent that:

  • Checks your checking and savings account balances
  • Analyzes your spending patterns and flags unusual activity
  • Tracks your upcoming bills sorted by due date
  • Pays bills on your behalf — but only after asking for your explicit confirmation
  • Views your investment portfolio (read-only — it can never make trades)
  • Sends you email alerts for important financial events

Everything happens through a simple chat interface. You ask, the agent acts — but only for what it's authorized to do.

How we built it

  • Auth0 Token Vault to securely store and manage per-service tokens in user metadata — tokens are never exposed to the browser
  • Auth0 Management API (M2M) to read and update token vault entries server-side
  • Next.js 16 for the full-stack framework (App Router)
  • GPT-4o via Vercel AI SDK v6 for the conversational AI agent with real-time streaming
  • Mock financial APIs for checking, savings, investments, and bills
  • Resend for sending real email alerts and bill payment confirmations
  • Tailwind CSS v4 for the UI
  • Zod for schema validation across all API routes

Challenges we ran into

  • Auth0 SDK v4 breaking changes — the new @auth0/nextjs-auth0 v4 API is significantly different from older tutorials, so we had to carefully read the latest docs to get session management right.
  • Vercel AI SDK v6 breaking changes — many community examples use older versions. We had to navigate breaking changes in streaming, tool definitions, and response handling.
  • Token revocation timing — ensuring that when a user revokes a service, the agent immediately loses access (no stale cache) required fetching tokens fresh from Auth0 on every tool call.
  • Preventing runaway AI loops — we used stepCountIs(8) to cap how many tool calls the agent can chain together in one response.

Accomplishments that we're proud of

  • Triple-layer write protection for bill payments — enforced at the system prompt level, the tool level, and the API route level
  • Architectural read-only enforcement for investments — the investment API has no POST route at all, making trading structurally impossible, not just policy-based
  • Zero client-side token exposure — tokens are fetched server-side at execution time and never stored in localStorage or cookies
  • Real-time audit log — every agent action is logged with a masked token preview and timestamp, giving users full transparency
  • Clean, intuitive UI — connect/revoke services in one click, with a live connection status counter
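The tool-level authorization gate described above (read vs. write scopes, explicit confirmation before a payment, a fresh token lookup on every call so revocation takes effect immediately, and a masked token preview for the audit log), as an added TypeScript example that is not FinEasy's code. The in-memory `vault`, `fetchFreshToken`, `authorizeToolCall`, `maskToken` and `revoke` are hypothetical stand-ins for the server-side Auth0 Token Vault lookups the project performs.

```typescript
type Service = "checking" | "bills" | "investments";
type Scope = "read" | "write";

// Constructed sample vault: one token per connected service, null once revoked.
// In the real app this lives in Auth0 user metadata, never in the browser.
const vault: Record<Service, string | null> = {
  checking: "tok_checking_abc123",
  bills: "tok_bills_def456",
  investments: "tok_invest_ghi789",
};

// Scopes each service permits. Investments is read-only by construction.
const allowedScopes: Record<Service, Scope[]> = {
  checking: ["read"],
  bills: ["read", "write"],
  investments: ["read"],
};

type ToolResult =
  | { ok: true; tokenPreview: string }
  | { ok: false; reason: string };

// Hypothetical stand-in for fetching the token from Auth0 on every tool call.
// No caching: a revoked service fails on the very next call.
function fetchFreshToken(service: Service): string | null {
  return vault[service];
}

// Audit log entries carry only a masked preview, never the raw token.
function maskToken(token: string): string {
  return token.slice(0, 4) + "..." + token.slice(-4);
}

// Gate that every agent tool runs before touching a financial API.
function authorizeToolCall(service: Service, scope: Scope, userConfirmed = false): ToolResult {
  if (!allowedScopes[service].includes(scope)) {
    return { ok: false, reason: `${service} does not permit ${scope} access` };
  }
  // Write actions (paying a bill) additionally need the user's explicit confirmation.
  if (scope === "write" && !userConfirmed) {
    return { ok: false, reason: "write requires explicit user confirmation" };
  }
  const token = fetchFreshToken(service);
  if (!token) return { ok: false, reason: `${service} is revoked or not connected` };
  return { ok: true, tokenPreview: maskToken(token) };
}

// User revokes a service from the UI: the vault entry is cleared immediately.
function revoke(service: Service): void {
  vault[service] = null;
}
```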

What we learned

  • AI agents need explicit authorization boundaries — giving an agent broad access and trusting its judgment isn't enough. Permissions must be enforced at the infrastructure level.
  • Read vs. write scopes matter more than people think — the difference between "can view" and "can act" is huge, especially with financial data.
  • Auth0 Token Vault is a powerful pattern for agent authorization — storing per-service tokens in user metadata makes revocation immediate and granular.
  • Building with the latest SDK versions (Auth0 v4, Vercel AI SDK v6) requires hands-on experimentation since community resources often lag behind.

What's next for FinEasy

  • Real OAuth connections to actual financial services instead of mock APIs
  • Spending budgets — let the agent warn you when you're close to a category limit
  • Recurring bill automation — agent pays regular bills automatically based on user-defined rules
  • Multi-user support with household/family account sharing
  • Mobile app so your finance agent is always in your pocket

Bonus Blog Post

The beginning

This is the first time I used Auth0 for my project. I had to start from ground zero with the documentation and the Auth0 management portal. I read the documentation and then worked on the sample applications given in the Get Started section for NextJS (https://auth0.com/docs/quickstart/webapp/nextjs).

Challenges

Initially it was overwhelming to start the tenant and the various configurations provided on the management portal of Auth0. But with the help of the docs I sailed through. After getting acquainted with the Auth0 NextJS application with Token Vault, the major challenge was deciding the topic. Since finance is one of the most discussed topics in cyber security, I chose a Finance Application for the hackathon.

Tech Stack

Initially I was thinking of FastAPI and NextJS for the backend and frontend respectively, but then I found the Vercel AI SDK better than the Python packages, which helped manage the project within a single NextJS application and reduced the deployment effort by 40% on the Vercel platform. Selecting OpenAI models was a quick and easy choice.

Auth0 Token Vault

Integrating Auth0 into the NextJS application was supported by the sample applications. The required configuration on the Auth0 management portal was minimal and very fast. Overall, the features provided by Auth0 Token Vault are amazing, and it provides individual service-level control when using an agentic AI based application.

Built With

  • auth-management-api
  • auth0
  • auth0-token-vault
  • auth0-user-metadata
  • gpt-40
  • nextjs
  • openai
  • typescript
  • vercelai-sdk
  • zod