# Secure LangGraph Agents with Auth0 & Google Calendar Access ## Metadata - **Published:** 5/5/2025 - **Duration:** 19 minutes - **YouTube URL:** https://youtube.com/watch?v=mT6HqSgWbVs - **Channel:** nerding.io ## Description Checkout my GenKit boilerplate: https://aifirebasestarter.dev/ In this video, we show how to securely connect #langgraph #agents to user-specific data like Google Calendar using #auth0 for authentication and authorization. This setup lets your AI agents access personalized, permissioned data (e.g., a user’s calendar events) while maintaining secure OAuth flows and scoped access—essential for any production-ready AI assistant. 🧠 What You’ll Learn: ✅ How to authenticate users with Auth0 + OAuth2 ✅ How to access Google Calendar data securely inside Lang Graph ✅ How to persist tokens and use them inside agent steps ✅ How to make LangGraph agents context-aware with personal info ✅ Tips for scoping, refreshing tokens, and keeping it secure 🔒 Why This Matters Building AI agents that interact with real user data—like calendars, contacts, or docs—requires more than clever prompts. You need secure auth, scoped access, and clear data boundaries. This tutorial gives you a foundation to do exactly that using Auth0 + LangGraph. 🎯 Use Cases: - AI scheduling assistants - CRM-aware sales agents - Personalized productivity bots - Privacy-focused enterprise assistants 🔗 Resources & Links: 👉 Auth0 GenAI Intro: https://auth0.com/blog/introducing-auth-for-genai-launching-identity-for-ai-agents 👉 Auth0 Quickstart: https://auth0.com/blog/genai-tool-calling-build-agent-that-calls-gmail-securely-with-langgraph-vercelai-nextjs/ 👉 Assistant Repo: https://github.com/auth0-samples/auth0-assistant0 📩 Newsletter: https://sendfox.com/nerdingio 📞 Book a Call: https://calendar.app.google/M1iU6X2x18metzDeA 📌 Chapters: 00:00 Intro 00:23 Docs 02:44 Setup 07:30 Repo 09:56 Demo 14:06 Code 16:45 Tracing 19:27 Final Thoughts ⤵️ Let’s Connect: 🌐 https://nerding.io 🐦 Twitter: https://twitter.com/nerding_io 💼 LinkedIn: https://www.linkedin.com/in/jdfiscus/ 🚀 Ever Efficient AI: https://everefficient.ai 💬 How are you integrating user data into your AI workflows? Let’s talk security and scale in the comments. 👇 👍 Like & Subscribe for more AI agents, secure integrations, and advanced automation builds! ## Key Highlights ### 1. Auth0 + LangGraph = Secure AI Agents JD explores how to integrate Auth0 for authentication and authorization within LangGraph-based AI agents, enhancing security in agentic workflows. ### 2. Access Google Services Securely The video demonstrates how to use Auth0 to grant AI agents secure access to Google services like Calendar, Gmail, and Drive using OAuth 2.0 and API scopes. ### 3. Tool Calling for Data Retrieval Learn how tool calling enables AI agents to pull data from external sources, such as Google Calendar, using Auth0 for secure authentication and authorization. ### 4. Open Source Project Setup Walkthrough JD provides a step-by-step guide on setting up the Auth0 assistant zero project from GitHub, configuring credentials, and enabling Google APIs. ### 5. Debugging with LangSmith The video highlights the importance of tracing and debugging tools using LangSmith to understand the flow of information within LangGraph agents and pinpoint issues. ## Summary Here's a comprehensive summary document for the video "Secure LangGraph Agents with Auth0 & Google Calendar Access": **1. Executive Summary** This video demonstrates how to securely connect LangGraph-based AI agents to user-specific data like Google Calendar using Auth0 for authentication and authorization. It provides a step-by-step guide for setting up an Auth0 application, configuring Google API access, and integrating these components into a LangGraph agent to enable secure, personalized data access. **2. Main Topics Covered** * **Auth0 Authentication & Authorization:** Using Auth0 for user authentication and authorization in AI agent workflows. * **Secure Google Calendar Access:** Accessing Google Calendar data securely within LangGraph using OAuth 2.0 and scoped permissions. * **Token Persistence & Usage:** Persisting authentication tokens and using them within agent steps to access user data. * **Context-Aware Agents:** Building LangGraph agents that are context-aware through personalized user data. * **LangGraph Project Setup:** Step-by-step instructions on setting up the Auth0 assistant zero project from GitHub. * **Tracing and Debugging with LangSmith:** Using LangSmith to understand data flow within agents. **3. Key Takeaways** * Integrating Auth0 with LangGraph enables secure access to user data, crucial for production-ready AI assistants. * OAuth 2.0 and scoped access control are essential for protecting user data and maintaining privacy. * The Auth0 assistant zero project provides a practical starting point for building secure AI agents with Google Calendar integration. * Token management (persistence and refreshing) is critical for maintaining secure and continuous data access. * Tracing tools like LangSmith are vital for debugging and understanding the flow of information within complex LangGraph agents. * GenKit boilerplate: a Firebase and Nex.js starter kit that comes with AI powered apps. **4. Notable Quotes or Examples** * "With that, let's go ahead and get started. All right, so I've actually been waiting for this to come out for a while. I really like Ozero stuff and the fact that you can actually have authentication through Ozero in your agentic workflows and AI agents is super cool in my opinion." * "...what this means is you're going to have a user, you're going to have your AI agent, and then you can use O to either pull from the uh external entities." * [Example] Querying the AI agent to retrieve calendar events: "What events do I have this week?" **5. Target Audience** * AI developers and engineers * Individuals interested in building secure, production-ready AI agents * Those who want to integrate AI agents with user-specific data, such as Google Calendar * Developers familiar with LangGraph, Auth0, and OAuth 2.0 concepts ## Full Transcript Hey everyone, welcome to Nerding.io. I'm JD and today we're going to take a look at how you can build an AI agent with authentication. So what we're going to be leveraging is Langraph and Ozero. With that, let's go ahead and get started. All right, so I've actually been waiting for this to come out for a while. I really like Ozero stuff and the fact that you can actually have authentication through Ozero in your agentic workflows and AI agents is super cool in my opinion. So they mentioned it about a month ago and uh it being in developer preview but then they actually released a uh uh a project. So you can use lang chain llama index uh gen kit which is another thing that I'm super into right now. Uh and then the AI SDK by Verscell. They also allow like fast API. So they're really focusing on both JavaScript and Python which is great for uh for building AI applications. So what we're going to be doing is we're actually going to take their project and we'll um go through how you can set it up. So what this means is you're going to have a user, you're going to have your AI agent, and then you can use O to either pull from the uh external entities. So being able to log in directly with uh for instance Google but then also get access based on things like Slack or uh Gmail Ical or Gcalendar uh as well as like Google Drive and then actually be able to chat with it as an assistant. So in their blog post they uh talk about how you can actually use tool calling to pull that information back and how you can set up your Ozero uh AI SDK or even just use the Ozero uh Nex.js SDK. We're going to pull this repo down and we're going to get it set up and I'll walk you through the steps of how you can actually set this up with Ozero. So, you're going to need an Ozero account. And what we'll be doing is basically creating this uh this repo. And I'll I'll put this blog post in the description. But first things first, let's go ahead and go into uh Ozero. So, if you go ahead and click sign up or login, whichever one works. And once you're in here, you just want to go ahead and create an application. So, I actually already have an application. Uh you can just do like a regular application if you want, but you need to go ahead and create an application. Once you create an application, you're going to go ahead and look at your settings. So they have like this quick start. Um you can go ahead and kind of quick click click through that and just start with your settings. So the first thing you're going to notice is that this Gen AI is a specific type of domain that gives you access. So, you're going to need your domain, your client ID, and your client secret. And then you're also going to need to set up uh the Google uh authentication so that you can actually have a um a you actually have to set up a Google application so that you can actually log in. So, what we're going to do is we're going to uh take this information and we're going to go ahead and sign into our Google uh backend account. So, right here, I'm in the Google O platform. I'm setting up a client and I'm creating a client. All you need to do is just click web application and it'll give you the authorized uh JavaScript and and everything else. So, I'm actually going to show you the account that I made. And all you need to do is take your domain from Ozero and put it into your authorized JavaScript origins. Then you want to have an authorized redirect. So, this is actually sending back to uh Ozero. And what you're going to be doing is just saying same as the domain and then just login call back. And that's really all you need to do. What it's going to do is it's going to give you a client ID and then you're also going to need your client secrets. Once you have that information, you can actually pull that back into Ozero and set up your credentials. So you have your client se this is the client secret for Ozero specifically. Again, something we're going to need. But if you go into connections, this is where you can actually have your Ozero connection. And that's where you're going to have to set up your um connection directly to to your OOTH of this application. The other thing that you should do is in inside of the uh Google console, you should go ahead and enable the Google Calendar API. So, we're going to specifically pull back some information on that. You can do that by going into the enabled APIs. So, on that same page where we were with credentials, just go up and click on enabled APIs, you can actually uh click enable. It'll take you to here, and you can actually just search for whatever APIs you want. And we want uh this one. So, this is already enabled on my uh on my machine. That's why it says manage. You'll have to click enable. And that's it. That should allow you to be able to connect your uh your account to those uh APIs. What it's saying is that your O credential will allow you to go out and call and give you the scopes for that particular uh system. And so in the O0 zero setting, when you look at the connections, this is where you're going to have to paste in your client ID and your client secret. And then again, we're going to be assigning our permissions. We need to have offline access. Basic profile and extended profile come by default. And then built into Ozero, we actually have calendar. You can add more of these if you want. So these are ones that are built in and will automatically try and give you these scope. So again by default they have uh calendar, Gmail, drive, sheets, slides, contacts. I mean there's a ton of stuff in here, including actually being able to connect to YouTube as well. So you could pull back, you could log in and chat uh your with your YouTube analytics. So now that we have all of this set up, what we're going to do in in OOTH or Ozero is we're actually going to take this information and we're going to put it into the project. So over here in GitHub, you're going to want to go ahead and clone this O0 assistant zero. You can see it's a pretty fresh project. There's still some things that are coming soon soon. So, the ability to uh get Slack notifications and access to your Google Drive, they haven't built in yet, and we'll kind of show how that's actually happening. So, the other piece is that this is allowing security into uh frameworks like lane chain, llama index, and versel AI. And then what they're doing is they're using Ozer's token vault and O Gen AI to actually when you're using your tools to allow make sure that you have scope access to pull the information that you're looking to access. And so what we're going to do is let's look at the project and we'll kind of go through how you need to set this up. So go ahead and clone this down and then we're going to take a look here. So, first things first is that information that we were talking about before, you need to go ahead and save and uh m.local and put in all the information. So, your base URL is just going to be where you're hosting. Right now, we're just going to be looking at localhost. You need an O secret. They actually give you this command here. So, it's in an open SSL uh random hex. Run this in your terminal and that will give you your secret. your domain. This is uh what we were talking about earlier where we actually can put the the domain from OOTH or Ozero in here as well as your client ID and your client secret. I'm actually going to show you what it looks like when we actually trace. So, I went ahead and enabled linksmith and link chain. And you can also do uh other things like if you want to use anthropic or or something else. Again, this SER tool is required if you want to actually go out and search the web. Um, but it's it's not necessarily required. So, let's kind of take a look at the application. So, I actually already have it running. This is all you need to get it up and running. So, I actually have it running. We're going to take a look at that and then we'll kind of dive through the code. So, this is we're running on localhost. This is the actual assistant. We're going to go ahead and log in. It's going to make us log in through the Ozero that we just set up. So, as we can see, this is happy nerding. We're logging into this domain and we've got our uh Google authentication. All right. So, now it's asking me to log in. It's going to start asking me about scope, right? So, we saw this back in Ozero. We have enabled the calendar. So, we're going to allow. And now it's asking asking if this email can get be authorized through Ozero. We're going to go ahead and say allow. Real quick everyone, if you haven't already, please remember to like and subscribe. Also, I wanted to show you a gen kit boilerplate that I've been working on. Real quick, this is another project that I'm working on. It's a Firebase and Nex.js starter kit that comes with AI powered apps. And so what this allows you to do is get up and running with Firebase, Nex.js, and Genkit as well as pre-built AI components. So some of the things that we focused on were the ability to actually start with uh AI first mindset and built-in prompt instructions so that you can actually build new features, build new blog posts, build documentation and actually integrate directly into a chatbot that is built with a chat interface as well as content generation and different prompts. So, if you sign up now, there's actually a discount going on where you can get 90% off and this will fluctuate by uh this also comes with a social proof which allows you to do dynamic discounts. Right now, we're offering 90% off. So, definitely check it out and don't forget to like and subscribe. And with that, let's get back to it. All right. And so, now it actually redirected us back to our local host. And you can actually see we're logged in. So, it's pulling in my uh basic information for my profile. We have a new uh information and it's actually even telling us like where the prompt is, uh what it's what it has access to, what can you help me with. So, let's just start with what can you help me with? And then we're actually going to try and pull some information back from All right. So, we can kind of see it's streaming information. It's telling us what it can answer. It tells us that it can do email management. It can we can search for email, create drafts, and actually manage our account. We can even pull information back from our calendar. So, we know that we are able to do this. And so what we're going to do is we're just going to say um what events do I have this week? And so now we want it to actually go out to find our information. And you can see that we actually this is a real calendar event uh that I have this Tuesday which is uh with data freelancer if you haven't checked out data luminina and Dave uh definitely an awesome awesome person to follow uh super helpful when it comes to data science. So this is actually pulling information back. So we've now authenticated. We've and we're actually pulling our own data based on the login through our AI agent. So we're actually leveraging the Google scope. So what we're going to do now is we're going to go back and we're going to actually look at the code. So as we saw the first thing that we noticed when we logged in or was that they were telling us to go look at this particular route. And so what's happening here is it's actually giving us our prompt. Your personal assistant can help with all these questions. Very long prompt. It doesn't actually talk about any specific tools other than the fact that it says you have a set of tools and use those tools as needed. So in here what we can see is we're using the uh Versel AI. We're using lane chain as well and then we're using open AAI and we're using different tools. So some of the tools that we have access to are the calendar, we also have the SER tool, then we have Gmail as well as uh the calendar tool. So we can create an event and we can view an event in this way. So when we look down here, what's actually happening is we've got our LLM just like we normally do with lang chain, but we can start to see that we have our access tokens. So what we actually have is we have our Google access token which is actually coming from our oz0ero library and then we're actually taking that information. We're passing our param parameters. We're saying what our Google calendar parameters are and then we're actually sending that to each one of these tools. And again, this is great because these tools are provided in lang chain. So we don't have to go out and buy our own or build our own tool. We can actually leverage the tools that we have here. So again, when you download this, you can play around with creating a new an email draft. You can search your email. We could create a new event. Um, and maybe we'll try that. But what what this is doing then is it's allowing these it's telling these that they have the permissions, right? We have our credentials and we know that we've gotten these credentials because we've leveraged it through our access token here. And then we go through our normal kind of lane graph information. So we're actually creating a React agent. We're streaming all of our information. We're logging our tools and we're actually uh uh streaming our response. So, let's go back and create we'll do another uh we'll try and create an event create an event to make a YouTube video on cell AI and ozero. So, in the next video I wanted to show how you can actually create your own tools. you pull your own information and actually do it uh for um for Versell. So now we can actually we've created an event. We can actually see. All right. So it it did it for later today, but still pretty cool that it it actually created it on the calendar. Gave us a little link back of what we were doing. So now let's take a look at uh what's actually happening in Linksmith. So if we come in here and we have our oz0ero uh assistant, we can take a look at our runnable sequences. So all of this is what's been happening today. So this is where we started with our runnable sequence of what can you help me with and it's going out it's taking the prompt as well calling out to OpenAI and seeing what uh we can actually get back in this particular sequence. this uh same this is the what events can you help me with or what events do I have this week. So again coming back out with this sequence but then right here we actually have the calendar view of the tool. So this is our tool name. This is our call. This is the prompt that we're actually sending. And the information that we're getting back is then going to be put into our uh the information that we respond with, right? And so this is what a a runnable sequence looks like for the tool. Uh and then this is where it's actually going to show the events. So now it's showing us the the prompt. So it's got the human readable information. is showing what the output should be. This is where we're actually trying to pull the information back from our uh system. We've got that output and let's go see uh where we created an event if so one of the things we could have done was maybe say that this uh was Eastern Standard Time and to uh adjust for that time zone because it's probably picking up UTC. Cool. And so that's a uh how you can actually trace and debug the tool that you are actually leveraging with Ozero lang chain langraph a little bit of Versel and a little bit of um the AI SDK. All right, that's it for us today everyone. So what we went through was how you can actually wire up your Genai applications with Langraph and Ozero so you can protect your agent flows. With that, happy nerding. --- *Generated for LLM consumption from nerding.io video library*