AgentSDK Methods Reference
TheAgentSDK class provides all methods for OAuth 2.1 authentication, agent management, token handling, and event tracking.
OAuth 2.1 / OIDC Authentication
getAuthorizationUrl()
Generate an OAuth 2.1 authorization URL with PKCE for user authentication.Authorization options including redirect URI and scope
Promise<{ url: string; codeVerifier: string; state: string }>
redirectUri(string, required): The callback URL where the user will be redirected after authorizationscope(string, optional): Space-separated list of scopes. Default:'openid profile email agent'state(string, optional): Custom state parameter for CSRF protection. Auto-generated if not provided
- PKCE parameters are automatically generated (S256 method)
- State parameter is auto-generated if not provided for CSRF protection
- Store
codeVerifierandstatesecurely for the callback step
exchangeCode()
Exchange an authorization code for access tokens (OAuth 2.1 with PKCE).Authorization code from the OAuth callback
State parameter from the OAuth callback (for CSRF validation)
The same redirect URI used in getAuthorizationUrl()
Promise<TokenResponse>
state_mismatch: State parameter doesn’t match (possible CSRF attack)pkce_missing: No code_verifier found (must call getAuthorizationUrl() first)token_exchange_failed: Failed to exchange code for tokens
refreshAccessToken()
Refresh an expired access token using a refresh token.Valid refresh token from previous authentication
Promise<TokenResponse>
- Call this method when the access token expires
- Check token expiration before making API requests
- If refresh fails, redirect user to re-authenticate
Agent Registration & Management
registerAgent()
Register a new AI agent with the Auth-Agent server.Agent registration details
Promise<AgentRegistrationResponse>
agent_id(string): Unique identifier for your agentagent_secret(string): Secure secret key (store this securely!)model_name(string): AI model name (e.g., ‘gpt-4’, ‘claude-3’)owner_name(string): Agent owner’s nameowner_email(string): Agent owner’s email
authenticateAgent()
Create an authentication session for an agent (legacy challenge-based flow).Agent authentication request
Promise<AgentAuthResponse>
For most use cases, use the OAuth flow with
getAuthorizationUrl() and
exchangeCode() instead of this legacy method.getAgentProfile()
Get the authenticated agent’s profile information.Valid access token from your storage
Promise<AgentProfile>
updateAgentProfile()
Update the agent’s profile information.Valid access token from your storage
Profile fields to update
Promise<AgentProfile>
owner_name: Change the owner’s namemodel_name: Update the AI model name
getUserInfo()
Get user information from the OpenID Connect userinfo endpoint.Valid access token from your storage
Promise<UserInfo>
Event Sending & Logging
sendEvent()
Send custom event data to the Auth-Agent server for tracking and analytics.Valid access token from your storage
Event data to send
Promise<any>
event(string, required): Event type/nameselector(string, optional): CSS selector or element identifiersite(string, optional): Site or domain nameevidence(string, optional): Evidence or proof of actionresult(string, optional): Event result or outcome- Additional custom fields are allowed
sendVerifiedClick()
Send a verified click event (convenience method).Valid access token from your storage
CSS selector or element identifier
Site or domain name
Evidence of verification (default: ‘oauth_authenticated’)
Promise<any>
sendPostRun()
Send a post-run event with execution results.Valid access token from your storage
Action or task selector
Site where action was performed
Execution result (truncated to 2000 characters)
Promise<any>
Results are automatically truncated to 2000 characters to prevent oversized
payloads.
AI Verification / Challenge Flow
requestChallenge()
Request a verification challenge from the server.Valid access token from your storage
Promise<ChallengeResponse>
confirmVerification()
Confirm verification with the challenge response.Valid access token from your storage
Verification confirmation data
Promise<any>
getVerifyStatus()
Get the current verification status.Valid access token from your storage
Promise<any>
pollAndAuthenticate()
Poll for a challenge and automatically authenticate (challenge-based flow).Verification context ID
Polling options (timeout, interval)
Promise<boolean>
timeout(number, default: 30000): Total timeout in millisecondsinterval(number, default: 2000): Polling interval in milliseconds
Token & Session Management
revokeToken()
Revoke an access token or refresh token.Token to revoke (access or refresh token)
Promise<void>
Revoking either token type will invalidate the session. The
onTokensRevoked
callback is automatically triggered.introspectToken()
Introspect a token to check its validity and retrieve metadata.Token to introspect
Promise<IntrospectionResponse>
Error Handling
All methods throwAuthError objects with detailed information:
state_mismatch: State parameter mismatch (CSRF protection)pkce_missing: Code verifier not foundtoken_expired: Access token expiredforbidden: Insufficient permissionsno_refresh_token: Refresh token not providedrefresh_failed: Token refresh failedrevoke_failed: Token revocation failedintrospection_failed: Token introspection failed
Complete Example
Here’s a complete example using multiple SDK methods:Next Steps
Token Manager
Learn about the TokenManager class
Utilities
Utility functions for PKCE, JWT, and more
Types
Complete TypeScript type definitions
Examples
See practical examples