Basic Authentication Flow
A complete, working example demonstrating the Agent-Pass authentication flow from identity creation to dual-signature verification. This example runs in Node.js and shows all core concepts.
✅ Working Code: This example is tested and runs successfully. All code shown here is from the actual Agent-Pass core library examples.
Prerequisites
Requirements
- Node.js 18+ or Bun
- TypeScript 5.0+
- @agent-pass/core package
Setup
Installation
```bash
npm install @agent-pass/core
# or
yarn add @agent-pass/core
# or
bun add @agent-pass/core
```
Complete Example
This example demonstrates the full Agent-Pass authentication flow including identity creation, credential issuance, challenge-response authentication, and dual verification.
basic-authentication-flow.ts
```typescript
/**
 * Agent-Pass Basic Authentication Flow Example
 *
 * This demonstrates the complete Agent-Pass authentication process:
 * 1. Create controller and agent identities
 * 2. Issue an Agent Capability Credential
 * 3. Generate authentication challenge
 * 4. Create Verifiable Presentation
 * 5. Verify with dual signatures
 */
import { AgentPass } from '@agent-pass/core';

async function demonstrateAgentPassFlow() {
  console.log('Agent-Pass Protocol Demonstration');
  console.log('=====================================\n');

  // Initialize the Agent-Pass library
  const agentPass = new AgentPass();

  try {
    // ===== STEP 1: CREATE IDENTITIES =====
    console.log('Step 1: Creating Identities');
    console.log('-------------------------------');

    // Create controller identity (human user)
    const controller = await agentPass.createControllerIdentity({
      alias: 'human-controller',
      keyType: 'Ed25519'
    });
    console.log(`✅ Controller DID: ${controller.did}`);

    // Create agent identity (AI agent)
    const agent = await agentPass.createAgentIdentity({
      alias: 'email-agent',
      keyType: 'Ed25519'
    });
    console.log(`✅ Agent DID: ${agent.did}\n`);

    // ===== STEP 2: ISSUE CAPABILITY CREDENTIAL =====
    console.log('Step 2: Issuing Agent Capability Credential');
    console.log('-----------------------------------------------');

    const credential = await agentPass.createAgentCapabilityCredential(
      controller,
      agent,
      {
        scope: ['read:emails', 'send:emails', 'manage:calendar'],
        constraints: {
          maxEmailsPerDay: 100,
          allowedDomains: ['example.com', 'workos.com'],
          timeWindow: {
            start: '09:00',
            end: '17:00'
          }
        },
        expirationDate: new Date(Date.now() + 24 * 60 * 60 * 1000) // 24 hours
      }
    );
    console.log('✅ Agent Capability Credential created');
    console.log(` Issuer (Controller): ${credential.issuer}`);
    console.log(` Subject (Agent): ${credential.credentialSubject.id}`);
    console.log(` Scope: ${credential.credentialSubject.scope.join(', ')}`);
    console.log(` Expires: ${credential.expirationDate}\n`);

    // ===== STEP 3: AUTHENTICATION CHALLENGE =====
    console.log('🎯 Step 3: Creating Authentication Challenge');
    console.log('--------------------------------------------');

    const challenge = await agentPass.createChallenge({
      domain: 'workos.com'
    });
    console.log(`✅ Challenge generated: ${challenge.challenge.substring(0, 16)}...`);
    console.log(` Domain: ${challenge.domain}`);
    console.log(` Expires at: ${new Date(challenge.expiresAt)}\n`);

    // ===== STEP 4: CREATE VERIFIABLE PRESENTATION =====
    console.log('Step 4: Creating Verifiable Presentation');
    console.log('--------------------------------------------');

    const presentation = await agentPass.createPresentation(
      agent,
      controller,
      [credential],
      challenge
    );
    console.log('✅ Verifiable Presentation created');
    console.log(` Holder: ${presentation.holder}`);
    console.log(` Credentials: ${presentation.verifiableCredential.length}`);
    console.log(` Has proof: ${!!presentation.proof}\n`);

    // ===== STEP 5: VERIFY AUTHENTICATION =====
    console.log('✅ Step 5: Verifying Authentication');
    console.log('-----------------------------------');

    const verification = await agentPass.verifyPresentation(
      presentation,
      challenge,
      {
        domain: 'workos.com',
        requiredScope: ['read:emails']
      }
    );

    if (verification.verified) {
      console.log('Authentication SUCCESSFUL!');
      console.log(`✅ Agent DID: ${verification.agentDid}`);
      console.log(`✅ Controller DID: ${verification.controllerDid}`);
      console.log(`✅ Granted Scope: ${verification.scope?.join(', ')}`);
      console.log(`✅ Constraints verified: ${!!verification.constraintsValid}`);
      console.log(`✅ Valid until: ${new Date(verification.expiresAt)}`);
    } else {
      console.log('❌ Authentication FAILED');
      console.log(` Reason: ${verification.reason}`);
      console.log(` Error: ${verification.error}`);
    }

    // ===== STEP 6: SCOPE-BASED AUTHORIZATION =====
    console.log('\nStep 6: Testing Scope-based Authorization');
    console.log('---------------------------------------------');

    // Test allowed scope
    const canSendEmails = await agentPass.hasScope(verification, 'send:emails');
    console.log(`📧 Can send emails to example.com: ${canSendEmails ? '✅ YES' : '❌ NO'}`);

    // Test scope constraint (domain restriction)
    const emailRequest = {
      action: 'send:emails',
      domain: 'unauthorized.com'
    };
    const canSendToOtherDomain = await agentPass.validateConstraints(verification, emailRequest);
    console.log(`📧 Can send emails to unauthorized.com: ${canSendToOtherDomain ? '✅ YES' : '❌ NO'}`);
  } catch (error) {
    console.error('❌ Agent-Pass demonstration failed:', error);
  }
}

// Run the demonstration
demonstrateAgentPassFlow();
```
Running the Example
Node.js
Run directly with Node.js and TypeScript
Run with Node.js
```bash
# Save the code as basic-flow.ts
# Install dependencies
npm install @agent-pass/core typescript ts-node
# Run the example
npx ts-node basic-flow.ts
# Or compile and run
npx tsc basic-flow.ts
node basic-flow.js
```
Bun
Run with Bun for faster execution
Run with Bun
```bash
# Install dependencies
bun add @agent-pass/core
# Run directly (TypeScript support built-in)
bun run basic-flow.ts
# Very fast execution!
```
Example Variations
Different Constraints
Try different constraint types and see how they affect permissions
Custom Constraints
```typescript
// Each fragment below replaces the `constraints` field of the options
// object passed to createAgentCapabilityCredential in the complete example.

// Time-based constraints
constraints: {
  timeWindow: {
    start: '14:00',
    end: '16:00'
  },
  timezone: 'America/New_York'
}

// IP-based constraints
constraints: {
  ipWhitelist: [
    '192.168.1.0/24',
    '10.0.0.100'
  ]
}

// Spending limits
constraints: {
  spendingLimit: '$500',
  currency: 'USD',
  period: 'daily'
}
```
Error Scenarios
Test what happens when verification fails
Testing Failures
```typescript
// Test expired challenge
const oldChallenge = agentPass.generateChallenge(
  'api.example.com',
  -60 // Already expired!
);

// Test wrong domain
const verification = await agentPass.verifyVerifiablePresentation(
  presentation,
  challenge.challenge,
  'wrong-domain.com' // Different domain
);

// Test invalid scope
const canDoInvalidAction = await agentPass.checkPermission(
  credential,
  'delete:everything', // Not in scope
  {}
);
```
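The verifier-side checks behind these failure cases (expired challenge, wrong domain, missing scope) and behind dual-signature verification, as an added sketch that is not Agent-Pass code. It uses Node's built-in `node:crypto` Ed25519 calls; the types, the function names (`newChallenge`, `issue`, `present`, `checkPresentation`) and the placeholder DIDs are hypothetical, and it assumes the verifier has already resolved both public keys from the issuer and subject DIDs.

```typescript
import { generateKeyPairSync, randomBytes, sign, verify, KeyObject } from 'node:crypto';

// Hypothetical shapes for this sketch; they are not the @agent-pass/core types.
interface Challenge { challenge: string; domain: string; expiresAt: number }
interface Credential { issuer: string; subject: string; scope: string[]; sig: Buffer }
interface Presentation { credential: Credential; challenge: string; domain: string; sig: Buffer }

// Bytes covered by each signature. The agent also signs over the controller's signature.
const credBytes = (c: Credential) => Buffer.from(JSON.stringify([c.issuer, c.subject, c.scope]));
const presBytes = (p: Presentation) => Buffer.concat([
  credBytes(p.credential), p.credential.sig, Buffer.from(JSON.stringify([p.challenge, p.domain]))]);

function newChallenge(domain: string, ttlSeconds: number, now = Date.now()): Challenge {
  return { challenge: randomBytes(32).toString('hex'), domain, expiresAt: now + ttlSeconds * 1000 };
}

function issue(issuer: string, subject: string, scope: string[], controllerKey: KeyObject): Credential {
  const c: Credential = { issuer, subject, scope, sig: Buffer.alloc(0) };
  c.sig = sign(null, credBytes(c), controllerKey); // Ed25519 takes no digest name
  return c;
}

function present(credential: Credential, ch: Challenge, agentKey: KeyObject): Presentation {
  const p: Presentation = { credential, challenge: ch.challenge, domain: ch.domain, sig: Buffer.alloc(0) };
  p.sig = sign(null, presBytes(p), agentKey);
  return p;
}

const consumed = new Set<string>(); // challenges that have already been accepted once

// Returns 'ok' or the name of the first failed check.
function checkPresentation(p: Presentation, ch: Challenge, domain: string, requiredScope: string[],
                           controllerPub: KeyObject, agentPub: KeyObject, now = Date.now()): string {
  if (now > ch.expiresAt) return 'challenge-expired';
  if (p.challenge !== ch.challenge || consumed.has(ch.challenge)) return 'challenge-mismatch-or-replayed';
  if (ch.domain !== domain || p.domain !== domain) return 'domain-mismatch';
  if (!verify(null, credBytes(p.credential), controllerPub, p.credential.sig)) return 'bad-controller-signature';
  if (!verify(null, presBytes(p), agentPub, p.sig)) return 'bad-agent-signature';
  if (!requiredScope.every(s => p.credential.scope.includes(s))) return 'scope-not-granted';
  consumed.add(ch.challenge); // single use: a second presentation of this challenge is rejected
  return 'ok';
}

// Constructed sample keys and placeholder DIDs.
const controller = generateKeyPairSync('ed25519');
const agent = generateKeyPairSync('ed25519');
const cred = issue('did:example:controller', 'did:example:agent',
                   ['read:emails', 'send:emails'], controller.privateKey);
```

A scope edited after issuance fails the controller signature, and a presentation signed by any key other than the agent's fails the agent signature, which is why both signatures are checked before scope is trusted.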