Skip to main content

AgentSDK Methods Reference

The AgentSDK class provides all methods for OAuth 2.1 authentication, agent management, token handling, and event tracking.

OAuth 2.1 / OIDC Authentication

getAuthorizationUrl()

Generate an OAuth 2.1 authorization URL with PKCE for user authentication.
options
AuthorizationUrlOptions
required
Authorization options including redirect URI and scope
Returns: Promise<{ url: string; codeVerifier: string; state: string }>
Parameters:
  • redirectUri (string, required): The callback URL where the user will be redirected after authorization
  • scope (string, optional): Space-separated list of scopes. Default: 'openid profile email agent'
  • state (string, optional): Custom state parameter for CSRF protection. Auto-generated if not provided
Security Notes:
  • PKCE parameters are automatically generated (S256 method)
  • State parameter is auto-generated if not provided for CSRF protection
  • Store codeVerifier and state securely for the callback step

exchangeCode()

Exchange an authorization code for access tokens (OAuth 2.1 with PKCE).
code
string
required
Authorization code from the OAuth callback
state
string
required
State parameter from the OAuth callback (for CSRF validation)
redirectUri
string
required
The same redirect URI used in getAuthorizationUrl()
Returns: Promise<TokenResponse>
Token Response:
Errors:
  • state_mismatch: State parameter doesn’t match (possible CSRF attack)
  • pkce_missing: No code_verifier found (must call getAuthorizationUrl() first)
  • token_exchange_failed: Failed to exchange code for tokens

refreshAccessToken()

Refresh an expired access token using a refresh token.
refreshToken
string
required
Valid refresh token from previous authentication
Returns: Promise<TokenResponse>
Best Practices:
  • Call this method when the access token expires
  • Check token expiration before making API requests
  • If refresh fails, redirect user to re-authenticate

Agent Registration & Management

registerAgent()

Register a new AI agent with the Auth-Agent server.
request
AgentRegistrationRequest
required
Agent registration details
Returns: Promise<AgentRegistrationResponse>
Request Parameters:
  • agent_id (string): Unique identifier for your agent
  • agent_secret (string): Secure secret key (store this securely!)
  • model_name (string): AI model name (e.g., ‘gpt-4’, ‘claude-3’)
  • owner_name (string): Agent owner’s name
  • owner_email (string): Agent owner’s email
Store the agent_secret securely! You’ll need it for certain operations.

authenticateAgent()

Create an authentication session for an agent (legacy challenge-based flow).
request
AgentAuthRequest
required
Agent authentication request
Returns: Promise<AgentAuthResponse>
For most use cases, use the OAuth flow with getAuthorizationUrl() and exchangeCode() instead of this legacy method.

getAgentProfile()

Get the authenticated agent’s profile information.
accessToken
string
required
Valid access token from your storage
Returns: Promise<AgentProfile>
Profile Response:

updateAgentProfile()

Update the agent’s profile information.
accessToken
string
required
Valid access token from your storage
updates
Partial<AgentProfile>
required
Profile fields to update
Returns: Promise<AgentProfile>
Updatable Fields:
  • owner_name: Change the owner’s name
  • model_name: Update the AI model name

getUserInfo()

Get user information from the OpenID Connect userinfo endpoint.
accessToken
string
required
Valid access token from your storage
Returns: Promise<UserInfo>
UserInfo Response:

Event Sending & Logging

sendEvent()

Send custom event data to the Auth-Agent server for tracking and analytics.
accessToken
string
required
Valid access token from your storage
eventData
EventData
required
Event data to send
Returns: Promise<any>
Event Data Fields:
  • event (string, required): Event type/name
  • selector (string, optional): CSS selector or element identifier
  • site (string, optional): Site or domain name
  • evidence (string, optional): Evidence or proof of action
  • result (string, optional): Event result or outcome
  • Additional custom fields are allowed

sendVerifiedClick()

Send a verified click event (convenience method).
accessToken
string
required
Valid access token from your storage
selector
string
required
CSS selector or element identifier
site
string
Site or domain name
evidence
string
Evidence of verification (default: ‘oauth_authenticated’)
Returns: Promise<any>

sendPostRun()

Send a post-run event with execution results.
accessToken
string
required
Valid access token from your storage
selector
string
required
Action or task selector
site
string
required
Site where action was performed
result
string
required
Execution result (truncated to 2000 characters)
Returns: Promise<any>
Results are automatically truncated to 2000 characters to prevent oversized payloads.

AI Verification / Challenge Flow

requestChallenge()

Request a verification challenge from the server.
accessToken
string
required
Valid access token from your storage
Returns: Promise<ChallengeResponse>
Challenge Response:

confirmVerification()

Confirm verification with the challenge response.
accessToken
string
required
Valid access token from your storage
request
VerificationConfirmRequest
required
Verification confirmation data
Returns: Promise<any>

getVerifyStatus()

Get the current verification status.
accessToken
string
required
Valid access token from your storage
Returns: Promise<any>

pollAndAuthenticate()

Poll for a challenge and automatically authenticate (challenge-based flow).
verifyCtxId
string
required
Verification context ID
options
object
Polling options (timeout, interval)
Returns: Promise<boolean>
Options:
  • timeout (number, default: 30000): Total timeout in milliseconds
  • interval (number, default: 2000): Polling interval in milliseconds

Token & Session Management

revokeToken()

Revoke an access token or refresh token.
token
string
required
Token to revoke (access or refresh token)
Returns: Promise<void>
Revoking either token type will invalidate the session. The onTokensRevoked callback is automatically triggered.

introspectToken()

Introspect a token to check its validity and retrieve metadata.
token
string
required
Token to introspect
Returns: Promise<IntrospectionResponse>
Introspection Response:

Error Handling

All methods throw AuthError objects with detailed information:
Common Error Codes:
  • state_mismatch: State parameter mismatch (CSRF protection)
  • pkce_missing: Code verifier not found
  • token_expired: Access token expired
  • forbidden: Insufficient permissions
  • no_refresh_token: Refresh token not provided
  • refresh_failed: Token refresh failed
  • revoke_failed: Token revocation failed
  • introspection_failed: Token introspection failed

Complete Example

Here’s a complete example using multiple SDK methods:

Next Steps

Token Manager

Learn about the TokenManager class

Utilities

Utility functions for PKCE, JWT, and more

Types

Complete TypeScript type definitions

Examples

See practical examples