Inspiration
AI agents are powerful but dangerous when they have unchecked access to your accounts. I wanted to build an agent that was genuinely trustworthy — one where users always know what it can access and can revoke that access instantly. Auth0 Token Vault made that possible.
What it does
ViKeY is an AI agent that connects your GitHub and Notion accounts. You type a natural language prompt like "save my starred repos to Notion" — Claude AI generates a structured workflow, the agent fetches your real GitHub data using Auth0 Token Vault, and saves everything to a structured Notion database automatically.
How we built it
- I used the Auth0 Token Vault for secure OAuth token storage and management
- FastAPI (Python) for the backend agent orchestration
- Claude AI (Anthropic) for natural language to workflow generation
- GitHub API for fetching starred repositories
- Notion API for creating structured databases
- Vanilla HTML/CSS/JS for the frontend
Challenges we ran into
Getting the Auth0 Token Vault OAuth flow to work end-to-end was the biggest challenge. Managing CORS, session tokens, and callback redirects between the frontend and backend required careful debugging. Ensuring tokens were properly scoped and never exposed to the frontend took significant iteration.
Accomplishments that we're proud of
This was my first time building a fully working end-to-end agentic flow where a user connects GitHub, types a plain English prompt, and sees their real data appear in Notion — all with transparent permissions and one-click revocation. The Token Vault integration also works correctly with minimum required scopes, which I had struggled with in the past.
What we learned
AI agents need a fundamentally different security model than regular apps. Token Vault solves the hardest part — secure token storage with proper scoping. I also learned the difference between dynamic OAuth tokens (GitHub) and static integration secrets (Notion) and how to vault both correctly.
What's next for ViKeY — Authorize Your AI to Act
- Add more services (Spotify, Slack, Gmail) via Token Vault
- Implement step-up authentication for high-stakes actions
- Persistent token storage with proper database backend
- Deploy publicly so anyone can use it
Bonus Blog Post
When I jumped into this hackathon, I genuinely thought the heavy lifting would be building the AI agent itself. I was dead wrong: the real nightmare was getting token management right without losing my mind.
The turning point was setting up Auth0 Token Vault for GitHub OAuth. Instead of rolling my own storage (the fast track to a security post-mortem), Token Vault handled the entire flow. The GitHub token stayed secure, scoped perfectly to the agent’s needs, and ready on demand.
The big realization for me was that AI agents need a fundamentally different security model than standard apps. A human logs in and hangs out; an agent acts repeatedly and autonomously while the user is away. Token Vault isn't just a locker; it’s a permission boundary designed for that specific chaos.
I also noticed a cool pattern: dynamic OAuth tokens (GitHub) and static secrets (Notion) require different handling, yet Token Vault manages both flawlessly. Honestly, it saved me hours of debugging weird auth loops and potential leaks.
If I keep building ViKeY, the next move is step-up authentication. Having the agent pause and ask for a quick re-verify before doing something irreversible—like nuking a repo—is where this setup really shines.
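One way to gate a model-generated workflow on consented scopes and a recent re-verification before anything runs, as an added example that is not ViKeY's code. The action names, the scope-to-action mapping and the 5-minute window are assumptions; the gate holds no tokens and calls no Auth0 API.

```python
import time
from dataclasses import dataclass, field

# Hypothetical action catalogue: name -> (service, required scope, irreversible?)
# The scope-to-action mapping is assumed; the Notion label is constructed.
ACTIONS = {
    "github.list_starred": ("github", "read:user", False),
    "notion.create_database": ("notion", "insert_content", False),
    "github.delete_repo": ("github", "delete_repo", True),
}
STEP_UP_MAX_AGE = 300  # assumed policy: a re-verification is valid for 5 minutes


@dataclass
class Session:
    granted: dict = field(default_factory=dict)  # service -> set of consented scopes
    last_step_up: float = 0.0                    # epoch seconds of last re-verification


def authorize_step(action, session, now=None):
    """Return 'allow', 'step_up' or 'deny' for one model-generated step."""
    now = time.time() if now is None else now
    if action not in ACTIONS:
        return "deny"  # the model proposed something outside the allowlist
    service, scope, irreversible = ACTIONS[action]
    if scope not in session.granted.get(service, set()):
        return "deny"  # the user never consented to this scope
    if irreversible and now - session.last_step_up > STEP_UP_MAX_AGE:
        return "step_up"  # pause and ask the user to re-verify
    return "allow"


def plan_decisions(workflow, session, now=None):
    """Check every step before any runs; stop at the first non-allow."""
    decisions = []
    for step in workflow:
        verdict = authorize_step(step.get("action"), session, now)
        decisions.append((step.get("action"), verdict))
        if verdict != "allow":
            break
    return decisions


if __name__ == "__main__":
    # Constructed workflow, shaped like the structured output the page describes.
    session = Session(granted={"github": {"read:user"}, "notion": {"insert_content"}})
    workflow = [{"action": "github.list_starred"}, {"action": "notion.create_database"}]
    print(plan_decisions(workflow, session))
```

Evaluating the whole plan up front means a workflow that would stall on a denied or step-up step is caught before its earlier steps have side effects.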
My advice: don't be a hero. Don't build your own token management. The attack surface is massive, and the edge cases will haunt you. Auth0 Token Vault solves a genuinely hard problem so you can actually focus on the "AI" part of your AI project. Trust me, your future self (and your users) will thank you.
Built With
- anthropic
- auth0-token-vault
- claude-ai
- css
- fastapi
- github-api
- html
- javascript
- notion-api
- python