Welcome
Hello Workshop Atendee, or Internet User,
Auth0 is a Developer
Platform, and we provide tooling so developers and companies can build tools we
all love and use everyday, securely.
In this workshop, you'll build an AI Agent, AI-native service that can be easily integrated into various AI workflows. Complete with an Agent, and MCP Server, all secured by Auth0.
Story
DemoTradePro Corp offers a fictional Stock Trading for fictional universes. Due to the increasing demand in AI Agents, and Agentic web they have determined that they must find a way to expose their stock trading platform in more convenient ways to human & non-human identities, but only with proper authentication and authorization always keeping humans-in-the-loop.
Existing Components
For the purpose of this workshop we will use shared services that are provided to us, these mimic how companies have deployed applications today:
DemoTradePro Web Application - this is a stock trading web application that end-users can use to trade stocks and that developers can use to create OIDC clients (allowing API access).
- Stock API - this API Server hosts the business logic for the Stock Trading API and is accessible to the web application and your external API clients.
- Identity Provider -
Auth0 is the Identity Provider for your agent clients and APIs, as well as the core Demo Trade Pro services.
Before we begin, please make sure you visit DemoTradePro Web Application and create an account. We will leverage this account throughout the workshop as your "Demo Trade Pro" account; the agent will get delegated access to this account.
For extra credits, you may wish to make a few trades in the web application, so that we can see the portfolio in action.
Repeatable Patterns towards an AI Native Platform
You'll learn how to apply a repeatable pattern that can be applied to any API or service, whether they are existing apps & services or you are creating them from scratch.
- Start with a basic chatbot - we'll first build a Simple AI conversation interface.
- Add public tools - Connect to DemoTradePRO API Endpoints that don't require authentication.
- Add user authentication - Make the agent aware of who's using it.
- Add authenticated tools - Access user-specific context & data, whether internally or externally exposed, in a safe & secure way.
- Package as an
MCP Server - Wrap everything into a reusable component which can also be used by
Claude,
Cursor,
ChatGPT apps or any AI Agent.
While we're using DemoTradePro as our example, the final agent architecture you'll build can sit in front of any existing API. The authentication patterns, tool calling mechanisms, and MCP packaging you'll learn here are universally applicable.
By the end of this workshop, you'll have a functioning agent for turning any API into an AI-native service that can be easily integrated into various AI workflows.
Complete Architecture Overview
Key Security Concepts
- Leveraging Short-lived tokens - create short-lived, fine-grained access tokens ensuring a minimal blast radius if a token is ever compromised.
- Federated Login with OIDC - Enable users to login to one application using credentials from a different, external identity provider using OpenID Connect.
On-Behalf-Of (OBO) - Enable users to delegate work to agents, and allow them to obtain API access tokens and perform actions on behalf of users.
Client Initiated Backchannel Authentication - Allow clients to initiate authentication requests on behalf of users, and receive tokens asynchronously once the user approves on a separate device.
Prerequisites
This workshop leverages Typescript and the Vercel AI SDK, the final agent can be deployed to
Vercel. All the necessary tools, and libraries are included in your starter kit and will automatically be installed, but we require the following dependencies:
If you are having trouble installing these please consult the helpers in the workshop.
Use the sidebar to begin with Local Setup →