Skip to main content

What is This?

Authentication means proving who you are before you can use something. Think of it like showing your ID card before entering a building. Bindu agents need this too - we need to know who’s talking to them before they respond.

Why Do We Need This?

Right now, anyone can talk to your Bindu agent. That’s fine for testing, but dangerous in production. With authentication:
  • ✅ Only authorized users can access your agent
  • ✅ You know who made each request
  • ✅ Different users can have different permissions
  • ✅ Your agent is safe from unauthorized access

How Will This Work?

We’re using Ory Hydra - think of it as a security guard for your agent.

Why Ory Hydra?

It’s like hiring a professional security company instead of building your own:
  • Proven & Trusted - Thousands of companies already use it
  • Follows the Rules - Uses standard security protocols (OAuth 2.0)
  • Easy to Scale - Works whether you have 10 or 10,000 users
  • Very Secure - Security experts regularly check it
  • Flexible - You can customize how login works
  • Free & Open - No licensing costs, you can see all the code

How It Works (Simple Version)

1. User tries to access your Bindu agent

2. Ory Hydra asks: "Who are you?"

3. User logs in with GitHub/Google/etc.

4. Ory Hydra gives user a "ticket" (token)

5. User shows ticket to Bindu agent

6. Bindu agent checks ticket is valid

7. If valid → Agent responds
   If invalid → Access denied
The Flow: 
User → Login with GitHub/Google → Get Ticket → Show Ticket to Agent → Access Granted

Login Options

Users can log in with accounts they already have:
  • GitHub - “Sign in with GitHub” (great for developers)
  • Google - “Sign in with Google” (everyone has Gmail)
  • Microsoft - “Sign in with Microsoft” (for companies using Office 365)
  • AWS - For companies already using Amazon Web Services
  • Custom - Your own login system if you have one

How to Use It

Step 1: Turn On Authentication in Your Agent

from bindu.penguin.bindufy import bindufy

config = {
    "author": "[email protected]",
    "name": "my_secure_agent",
    "description": "My agent with login protection",
    "deployment": {
        "url": "http://localhost:3773",
        "expose": True
    },
    # Turn on authentication
    "auth": {
        "enabled": True,  # This turns it on!
        "hydra_url": "http://localhost:4444",  # Where Ory Hydra is running
        "allowed_providers": ["github", "google"],  # Which login options to allow
    },
    "skills": []
}

def handler(messages):
    # Your agent logic
    pass

bindufy(config, handler)

Step 2: Start Ory Hydra (The Security Guard)

# Start Ory Hydra using Docker (easiest way)
docker run -d \
  --name hydra \
  -p 4444:4444 \
  -p 4445:4445 \
  oryd/hydra:v2.2.0 \
  serve all --dev

# Tell Ory Hydra about your Bindu agent
hydra create client \
  --endpoint http://localhost:4445 \
  --redirect-uri http://localhost:3773/callback
What this does:
  • Starts the security guard (Ory Hydra)
  • Tells it where your Bindu agent is
  • Sets up the connection between them

Step 3: Protect Your Agent’s Endpoints

from bindu.auth import require_auth

# This decorator means "check login first"
@require_auth()
async def my_protected_function(request):
    # Now we know who the user is!
    user = request.state.user
    print(f"User email: {user.email}")
    print(f"Logged in with: {user.provider}")  # "github" or "google"
    
    # Your agent logic here
    return {"message": f"Hello {user.email}!"}
What this does:
  • Before running your function, checks if user is logged in
  • If not logged in → Redirects to login page
  • If logged in → Runs your function and gives you user info

What You Get

  • Single Sign-On (SSO) - Log in once, access multiple agents
  • User Information - Know who’s using your agent
  • Different Permissions - Give different users different access levels
  • Extra Security - Support for 2-factor authentication (2FA)
  • Stay Logged In - Users don’t have to log in every time

Current Status

🚀 In Progress - We’re building this now!

Why This is Good for You

  • Safe - Security experts have tested it thoroughly
  • Standard - Uses the same login system as Google, GitHub, etc.
  • Scalable - Works for 10 users or 10,000 users
  • Free - No licensing costs
  • Your Control - You host it, you control it
  • Customizable - Make the login page look how you want

Want to Learn More?

  • Read the Guide - Ory Hydra documentation (more technical)
  • Ask Questions - Join our Discord and ask anything
  • Request Features - Need a different login option? Tell us!

Simple Summary

Before Authentication:
  • Anyone can access your agent ❌
  • You don’t know who’s using it ❌
  • Not safe for production ❌
After Authentication:
  • Only logged-in users can access ✅
  • You know exactly who’s using it ✅
  • Safe for production ✅
  • Users can log in with GitHub, Google, etc. ✅