Why I built this
Honestly, I wanted to build something that wasn't just another todo app or weather widget. I kept seeing "build with Auth0" in the hackathon description and had no idea what OAuth even meant two days ago. So I decided — let's figure it out.
What it does
SecureAssist is a web app where you log in with your Google/GitHub account (via Auth0), and then chat with an AI assistant powered by Groq's LLaMA3 model. Each user only sees their own chat history — nothing is shared between accounts.
Simple idea. Harder to build than I expected.
How I built it
- Python + Flask for the backend
- Auth0 for login (OAuth2 / OpenID Connect)
- Groq API with LLaMA3 for AI responses
- GitHub Codespaces — literally built the whole thing in a browser tab
- No database, no paid services, everything free
The part that actually broke me
The callback URL.
I spent honestly way too long on this one error:
Callback URL mismatch. The provided redirect_uri is not in the list of allowed callback URLs.
The problem was that GitHub Codespaces gives you a dynamic HTTPS URL like https://organic-goggles-xxxxx-5000.app.github.dev, but my Flask app was sending http://localhost:5000/callback to Auth0. Auth0 obviously rejected it.
Fix was two things:
- Hardcode the Codespaces URL as the callback in the login route
- Add it to Auth0's allowed callback URLs in the dashboard
Sounds simple now. Did not feel simple at 2am.
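An alternative to hardcoding, as an added example that is not SecureAssist's own code: build the callback from the environment and show which URL parts fail to match the allowed list. `CODESPACE_NAME` and `GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN` are set by Codespaces; `APP_BASE_URL`, the function names, and the exact-match comparison (wildcard entries ignored) are assumptions.

```python
import os
from urllib.parse import urlsplit

CALLBACK_PATH = "/callback"  # path taken from the page's localhost example


def callback_url(env=os.environ, port=5000):
    """Build the redirect_uri the app should send to Auth0."""
    # An explicit override wins (APP_BASE_URL is a hypothetical variable name).
    base = env.get("APP_BASE_URL")
    if not base:
        name = env.get("CODESPACE_NAME")
        domain = env.get("GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN")
        if name and domain:
            # Codespaces forwards ports at https://<name>-<port>.<domain>
            base = f"https://{name}-{port}.{domain}"
        else:
            # Not in a codespace: fall back to the local dev server.
            base = f"http://localhost:{port}"
    return base.rstrip("/") + CALLBACK_PATH


def explain_mismatch(redirect_uri, allowed):
    """Return [] if redirect_uri is allowed, else one reason per allowed entry.

    Assumes exact string matching, so scheme, host, port, path and query
    all have to agree with an entry in the allowed list.
    """
    if redirect_uri in allowed:
        return []
    sent = urlsplit(redirect_uri)
    reasons = []
    for entry in allowed:
        ok = urlsplit(entry)
        diffs = [part for part in ("scheme", "netloc", "path", "query")
                 if getattr(sent, part) != getattr(ok, part)]
        reasons.append(f"{entry}: differs in {', '.join(diffs) or 'other'}")
    return reasons or ["allow-list is empty"]
```

The value returned by `callback_url()` is what has to appear, character for character, in the Auth0 dashboard's allowed callback URLs.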
What I learned
- How OAuth2 actually works (not just "it handles login")
- The difference between redirect URIs, callback URLs, and logout URLs
- How to read an error message instead of just Googling the first line of it
- That environment variables are annoying until suddenly they make total sense
What's next
If I keep working on this after the hackathon:
- Store chat history in a real database so it persists after server restart
- Add different AI "personas" users can switch between
- Maybe a voice input option
Bonus Blog Post
I'm going to be honest — I had never heard of OAuth2 before this hackathon. I knew login systems existed, I just assumed someone else built them and we all just used them. Turns out that someone is Auth0, and now I actually understand why.
The idea was simple. Build an AI chatbot. But instead of letting anyone just walk in, make them prove who they are first. Sounds easy. Was not easy.
The first two hours I spent staring at a 404 error that said my Auth0 domain didn't exist. Turns out I literally typed "your-domain.auth0.com" from the tutorial and forgot to replace it. Classic.
Then came the callback URL nightmare. GitHub Codespaces gives you a long dynamically generated HTTPS URL. My Flask app was sending localhost to Auth0. Auth0 said no. I said please. Auth0 still said no. Eventually I hardcoded the Codespaces URL directly into the login route and it finally worked.
Then the Groq model got decommissioned mid-build. Twice.
But every single one of those errors taught me something I couldn't have learned from a tutorial. I now actually understand what a redirect URI is. I understand why tokens exist. I understand why companies pay for Auth0 instead of building their own login system.
I built SecureAssist in two days, in a browser tab using GitHub Codespaces. No local setup. No paid services. Just Python, Flask, Auth0, and a lot of error messages that eventually started making sense.