Skip to content

Commit b71f12d

Browse files
authored
Mason/agent auth (#152)
* Add Agent Auth documentation Add documentation for the Agent Auth feature including overview, hosted UI, programmatic usage, credentials management, session monitoring, and early preview information. Also adds MCP CLI reference to docs.json. * Update status values in Agent Auth documentation to use uppercase constants for consistency and clarity * docs: Remove "NEW" badges from feature list * Update Agent Auth documentation to use uppercase status constants for consistency across all sections * docs(agent-auth): add auto-login and update flows * docs(agent-auth): update target_domain to domain param * docs(agent-auth): update wording on credential exposure * docs(session-monitoring): update diagrams and tips * docs(credentials): document TOTP secret for 2FA * docs(credentials): Add 2FA setup instructions with TOTP * docs: Update agent auth docs structure * docs: Rewrite and condense Agent Auth overview * docs(auth): update docs for new invocation flow (#155) * docs(auth): update docs for new invocation flow * docs: Add section on updating existing credentials * docs(agent-auth): update status handling examples * docs(auth): move files to agents/auth directory * docs(auth): update and clarify auth agent docs * docs(auth): update early preview SDK URLs * docs(auth): add SSO and external action docs * docs(auth): update preview SDK and Python URLs * docs(auth): reorganize and update authentication documentation - Renamed "Agents" group to "Agent Auth" in docs.json for clarity. - Removed the "Auto-Login" section from early preview documentation as it is now covered in the main docs. - Updated "Credentials" section to reflect the new "Credentials Vault" terminology and streamlined content. - Consolidated and clarified the "Hosted UI" documentation to emphasize its role in user authentication. - Removed the "Session Monitoring" documentation as it is no longer relevant. - Enhanced overall structure and readability of the authentication documentation. * docs(auth): enhance authentication documentation with code examples and clarity - Updated "Credentials" section to simplify language and improve clarity on automated authentication. - Revised "Hosted UI" documentation to include clearer code examples for creating auth agents and handling login flows. - Streamlined the "Programmatic" flow section, consolidating steps and providing comprehensive code snippets for better understanding. - Improved overall structure and readability across all sections to facilitate easier navigation and comprehension. * docs: Update SDK dependency URLs in guide * Refactor Agent Auth docs: simplify framing and examples - Change framing to 'Create authenticated browser sessions for your automations' - Simplify polling examples to single unified loop pattern - Add CodeGroups with TypeScript + Python for all code examples - Remove jargon (form discovery, idempotent, etc.) - Add SSO/OAuth and TOTP sections to credentials.mdx - Use realistic domains (netflix, linkedin, github, doordash) - Recommend Hosted UI as primary integration path * docs(auth): update preview SDK install URLs * docs(auth): update SDK preview URLs in docs * Restructure auth docs: move from agents/auth/ to auth/agent/ - Move agent auth docs from agents/auth/ to auth/agent/ directory - Move credentials to auth/credentials.mdx (sibling to agent/) - Update docs.json navigation paths - Add post_login_url documentation in Adding Features section - Update examples to show page.goto() usage for clarity * Update early preview SDK versions to 0.26.0 * Add Go SDK installation instructions (v0.26.0) to early preview * Fix Go SDK module name to github.com/kernel/kernel-go-sdk * docs(1password): add 1Password integration guide * docs: Update SDK versions in early preview guide * docs: Update API Reference OpenAPI spec URL * docs: Update API URL to use HTTPS
1 parent 1634b07 commit b71f12d

File tree

9 files changed

+1266
-3
lines changed

9 files changed

+1266
-3
lines changed

auth/agent/early-preview.mdx

Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
---
2+
title: "Early Preview"
3+
description: "Agent Auth early preview documentation"
4+
---
5+
6+
<Info>
7+
Agent Auth is now documented in the main docs. See the pages below for current documentation.
8+
</Info>
9+
10+
<CardGroup cols={2}>
11+
<Card title="Overview" icon="book" href="/auth/agent/overview">
12+
Introduction to Agent Auth and key concepts
13+
</Card>
14+
<Card title="Hosted UI" icon="browser" href="/auth/agent/hosted-ui">
15+
Redirect users to complete login themselves
16+
</Card>
17+
<Card title="Programmatic" icon="code" href="/auth/agent/programmatic">
18+
Build custom auth flows with full control
19+
</Card>
20+
<Card title="Credentials" icon="key" href="/auth/credentials">
21+
Store credentials for automated re-auth
22+
</Card>
23+
</CardGroup>
24+
25+
## Early Preview SDK Installation
26+
27+
For early preview testers, install the preview SDK:
28+
29+
**TypeScript/Node.js:**
30+
31+
```json
32+
{
33+
"dependencies": {
34+
"@onkernel/sdk": "0.27.0"
35+
}
36+
}
37+
```
38+
39+
**Python (requirements.txt):**
40+
41+
```
42+
kernel==0.27.0
43+
```
44+
45+
Or in pyproject.toml:
46+
47+
```toml
48+
[project]
49+
dependencies = [
50+
"kernel==0.27.0",
51+
]
52+
```
53+
54+
**Go:**
55+
56+
```bash
57+
go get -u 'github.com/kernel/kernel-go-sdk@v0.27.0'
58+
```
59+
60+
Or in go.mod:
61+
62+
```go
63+
require github.com/kernel/kernel-go-sdk v0.27.0
64+
```
65+
66+
## Support
67+
68+
Questions or issues? Reach out to us on Slack!

auth/agent/hosted-ui.mdx

Lines changed: 308 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,308 @@
1+
---
2+
title: "Hosted UI"
3+
description: "The simplest way to create authenticated browser sessions"
4+
---
5+
6+
Collect credentials via Kernel's hosted page, then use the authenticated session in your automations. This is the recommended approach for most applications.
7+
8+
Use the Hosted UI when:
9+
- You need users to provide their credentials
10+
- You want the simplest integration with minimal code
11+
- You want Kernel to handle 2FA and multi-step login flows
12+
13+
## Getting started
14+
15+
### 1. Create an Auth Agent
16+
17+
An Auth Agent represents a login session for a specific website and profile.
18+
19+
<CodeGroup>
20+
```typescript TypeScript
21+
const agent = await kernel.agents.auth.create({
22+
domain: 'linkedin.com',
23+
profile_name: 'linkedin-profile',
24+
});
25+
```
26+
27+
```python Python
28+
agent = await kernel.agents.auth.create(
29+
domain="linkedin.com",
30+
profile_name="linkedin-profile",
31+
)
32+
```
33+
</CodeGroup>
34+
35+
### 2. Start Authentication
36+
37+
Create an invocation to get the hosted login URL.
38+
39+
<CodeGroup>
40+
```typescript TypeScript
41+
const invocation = await kernel.agents.auth.invocations.create({
42+
auth_agent_id: agent.id,
43+
});
44+
```
45+
46+
```python Python
47+
invocation = await kernel.agents.auth.invocations.create(
48+
auth_agent_id=agent.id,
49+
)
50+
```
51+
</CodeGroup>
52+
53+
### 3. Collect Credentials
54+
55+
Send the user to the hosted login page:
56+
57+
<CodeGroup>
58+
```typescript TypeScript
59+
window.location.href = invocation.hosted_url;
60+
```
61+
62+
```python Python
63+
# Return the URL to your frontend
64+
print(f"Redirect to: {invocation.hosted_url}")
65+
```
66+
</CodeGroup>
67+
68+
The user will:
69+
1. See the login page for the target website
70+
2. Enter their credentials
71+
3. Complete 2FA if needed
72+
73+
### 4. Poll for Completion
74+
75+
On your backend, poll until authentication completes:
76+
77+
<CodeGroup>
78+
```typescript TypeScript
79+
let state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
80+
81+
while (state.status === 'IN_PROGRESS') {
82+
await new Promise(r => setTimeout(r, 2000));
83+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
84+
}
85+
86+
if (state.status === 'SUCCESS') {
87+
console.log('Authentication successful!');
88+
}
89+
```
90+
91+
```python Python
92+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id)
93+
94+
while state.status == "IN_PROGRESS":
95+
await asyncio.sleep(2)
96+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id)
97+
98+
if state.status == "SUCCESS":
99+
print("Authentication successful!")
100+
```
101+
</CodeGroup>
102+
103+
<Info>
104+
Poll every 2 seconds. The session expires after 5 minutes if not completed.
105+
</Info>
106+
107+
### 5. Use the Profile
108+
109+
Create browsers with the profile and navigate to the site—the session is already authenticated:
110+
111+
<CodeGroup>
112+
```typescript TypeScript
113+
const browser = await kernel.browsers.create({
114+
profile: { name: 'linkedin-profile' },
115+
stealth: true,
116+
});
117+
118+
// Navigate to the site—you're already logged in
119+
await page.goto('https://linkedin.com');
120+
```
121+
122+
```python Python
123+
browser = await kernel.browsers.create(
124+
profile={"name": "linkedin-profile"},
125+
stealth=True,
126+
)
127+
128+
# Navigate to the site—you're already logged in
129+
await page.goto("https://linkedin.com")
130+
```
131+
</CodeGroup>
132+
133+
<Info>
134+
Use `stealth: true` when creating browsers for authenticated sessions.
135+
</Info>
136+
137+
138+
## Complete Example
139+
140+
<CodeGroup>
141+
```typescript TypeScript
142+
import Kernel from '@onkernel/sdk';
143+
144+
const kernel = new Kernel();
145+
146+
// Create auth agent
147+
const agent = await kernel.agents.auth.create({
148+
domain: 'doordash.com',
149+
profile_name: 'doordash-user-123',
150+
});
151+
152+
// Start authentication
153+
const invocation = await kernel.agents.auth.invocations.create({
154+
auth_agent_id: agent.id,
155+
});
156+
157+
// Send user to hosted page
158+
console.log('Login URL:', invocation.hosted_url);
159+
160+
// Poll for completion
161+
let state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
162+
while (state.status === 'IN_PROGRESS') {
163+
await new Promise(r => setTimeout(r, 2000));
164+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
165+
}
166+
167+
if (state.status === 'SUCCESS') {
168+
const browser = await kernel.browsers.create({
169+
profile: { name: 'doordash-user-123' },
170+
stealth: true,
171+
});
172+
173+
// Navigate to the site—you're already logged in
174+
await page.goto('https://doordash.com');
175+
}
176+
```
177+
178+
```python Python
179+
from kernel import Kernel
180+
import asyncio
181+
182+
kernel = Kernel()
183+
184+
# Create auth agent
185+
agent = await kernel.agents.auth.create(
186+
domain="doordash.com",
187+
profile_name="doordash-user-123",
188+
)
189+
190+
# Start authentication
191+
invocation = await kernel.agents.auth.invocations.create(
192+
auth_agent_id=agent.id,
193+
)
194+
195+
# Send user to hosted page
196+
print(f"Login URL: {invocation.hosted_url}")
197+
198+
# Poll for completion
199+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id)
200+
while state.status == "IN_PROGRESS":
201+
await asyncio.sleep(2)
202+
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id)
203+
204+
if state.status == "SUCCESS":
205+
browser = await kernel.browsers.create(
206+
profile={"name": "doordash-user-123"},
207+
stealth=True,
208+
)
209+
210+
# Navigate to the site—you're already logged in
211+
await page.goto("https://doordash.com")
212+
```
213+
</CodeGroup>
214+
215+
## Adding Features
216+
217+
The basic flow above gets you started. Add these features as needed:
218+
219+
### Save Credentials for Auto-Reauth
220+
221+
Capture the user's credentials during login so future sessions can re-authenticate automatically when the session expires:
222+
223+
<CodeGroup>
224+
```typescript TypeScript
225+
const invocation = await kernel.agents.auth.invocations.create({
226+
auth_agent_id: agent.id,
227+
save_credential_as: 'my-saved-creds',
228+
});
229+
```
230+
231+
```python Python
232+
invocation = await kernel.agents.auth.invocations.create(
233+
auth_agent_id=agent.id,
234+
save_credential_as="my-saved-creds",
235+
)
236+
```
237+
</CodeGroup>
238+
239+
After successful login, future invocations for this agent will automatically use the saved credentials—no user interaction needed. See [Credentials](/auth/credentials) for more on automated authentication.
240+
241+
### Custom Login URL
242+
243+
If the site's login page isn't at the default location, specify it when creating the agent:
244+
245+
<CodeGroup>
246+
```typescript TypeScript
247+
const agent = await kernel.agents.auth.create({
248+
domain: 'example.com',
249+
profile_name: 'my-profile',
250+
login_url: 'https://example.com/auth/signin',
251+
});
252+
```
253+
254+
```python Python
255+
agent = await kernel.agents.auth.create(
256+
domain="example.com",
257+
profile_name="my-profile",
258+
login_url="https://example.com/auth/signin",
259+
)
260+
```
261+
</CodeGroup>
262+
263+
### SSO/OAuth Support
264+
265+
For sites with "Sign in with Google/GitHub/Microsoft", add the OAuth provider's domains to `allowed_domains`:
266+
267+
<CodeGroup>
268+
```typescript TypeScript
269+
const agent = await kernel.agents.auth.create({
270+
domain: 'example.com',
271+
profile_name: 'my-profile',
272+
allowed_domains: ['accounts.google.com', 'google.com'],
273+
});
274+
```
275+
276+
```python Python
277+
agent = await kernel.agents.auth.create(
278+
domain="example.com",
279+
profile_name="my-profile",
280+
allowed_domains=["accounts.google.com", "google.com"],
281+
)
282+
```
283+
</CodeGroup>
284+
285+
The user can click the SSO button on the hosted page, complete OAuth with the provider, and the authenticated session is saved to the profile.
286+
287+
### Post-Login URL
288+
289+
After successful authentication, retrieve the auth agent to get `post_login_url`—the page where the login landed. Use this to start your automation from the right place:
290+
291+
<CodeGroup>
292+
```typescript TypeScript
293+
const authAgent = await kernel.agents.auth.retrieve(agent.id);
294+
295+
if (authAgent.post_login_url) {
296+
await page.goto(authAgent.post_login_url);
297+
// Start automation from the dashboard/home page
298+
}
299+
```
300+
301+
```python Python
302+
auth_agent = await kernel.agents.auth.retrieve(agent.id)
303+
304+
if auth_agent.post_login_url:
305+
await page.goto(auth_agent.post_login_url)
306+
# Start automation from the dashboard/home page
307+
```
308+
</CodeGroup>

0 commit comments

Comments
 (0)