Inspiration
Managing email and calendar is one of those tasks that eats hours every week without feeling like real work. I wanted to build an agent that could handle the grunt work of reading, drafting, and scheduling while keeping the user firmly in control. The bigger question was: how do you give an AI agent access to something as sensitive as someone's Gmail without it feeling like handing over the keys to your house?
That's what drew me to Auth0 Token Vault. The idea that an agent could act on your behalf, without ever holding your raw credentials, felt like the right answer, and I wanted to build something that proved it in practice.
What it does
Delegate is an AI chief of staff for your Google Workspace. You chat with it in plain English, and it acts on your behalf across Gmail and Google Calendar:
- Read & summarise unread emails and flag urgent threads
- Draft replies in your tone for your review
- Schedule meetings by checking your calendar availability
- Cancel or reschedule events on request
- Step-up confirmation — before sending an email or deleting an event, the agent pauses and asks you to confirm, using Auth0's CIBA flow
A dedicated permissions dashboard lets you see exactly what scopes the agent holds and revoke access at any time.
How we built it
Frontend: Next.js 14 (App Router) with Tailwind CSS, providing the chat interface, permissions dashboard, and consent screens.
Auth & token management: Auth0 for user login and Google OAuth. Token Vault stores the Google access and refresh tokens so the agent never handles raw credentials directly.
Agent layer: Vercel AI SDK with Claude (claude-sonnet-4-20250514) as the reasoning engine. The agent has four tools: readEmails, draftReply, getCalendarEvents, and createOrDeleteEvent.
Step-up auth: Destructive actions (send email, delete event) trigger an Auth0 CIBA flow — the user gets a confirmation prompt before anything irreversible happens.
APIs: Gmail API and Google Calendar API, accessed via tokens retrieved from Token Vault at runtime.
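The step-up gate described above, written out as an added example (not the project's own code). The action names, the in-memory confirmation store and the token broker are hypothetical stand-ins: Auth0's CIBA endpoints and Token Vault's exchange API are not modelled, and a real authorization server issues an unguessable request id rather than the counter used here. The check a practitioner wants to see is that an approval is bound to the exact action and user it was requested for, expires, and can be used only once.

```typescript
// Hypothetical action shapes for this example; the project's real tool
// signatures are not shown on the page.
export type Action =
  | { kind: "readEmails"; maxResults: number }
  | { kind: "draftReply"; threadId: string; body: string }
  | { kind: "sendEmail"; to: string; body: string }
  | { kind: "deleteEvent"; eventId: string };

// Only actions with irreversible side effects need an out-of-band confirmation.
const IRREVERSIBLE = new Set<Action["kind"]>(["sendEmail", "deleteEvent"]);

// Canonical form of the action the user is asked to approve, so an approval
// cannot be reused for a different action of the same kind.
export function canonicalAction(action: Action): string {
  return JSON.stringify(action, Object.keys(action).sort());
}

export type Verdict = "ok" | "confirmation_required" | "denied" | "expired" | "mismatch";

interface Confirmation {
  userId: string;
  action: string;    // canonicalAction() of the approved action
  status: "pending" | "approved" | "denied";
  expiresAt: number; // ms since epoch
  consumed: boolean; // an approval authorises exactly one execution
}

export class StepUpGate {
  private readonly requests = new Map<string, Confirmation>();
  private nextId = 1;

  constructor(
    private readonly ttlMs: number = 5 * 60_000,
    private readonly now: () => number = Date.now,
  ) {}

  // Models the backchannel request: the user is prompted on their own device
  // and the agent only receives an opaque request id to poll on.
  // (Constructed counter id; a real authorization server issues an unguessable one.)
  requestConfirmation(userId: string, action: Action): string {
    const id = `req-${this.nextId++}`;
    this.requests.set(id, {
      userId,
      action: canonicalAction(action),
      status: "pending",
      expiresAt: this.now() + this.ttlMs,
      consumed: false,
    });
    return id;
  }

  // Called from the user-facing side once the user approves or denies.
  decide(requestId: string, approved: boolean): void {
    const c = this.requests.get(requestId);
    if (!c || c.status !== "pending") throw new Error(`no pending request ${requestId}`);
    c.status = approved ? "approved" : "denied";
  }

  // Decides whether `action` may run now on behalf of `userId`.
  authorize(userId: string, action: Action, requestId?: string): Verdict {
    if (!IRREVERSIBLE.has(action.kind)) return "ok";
    if (requestId === undefined) return "confirmation_required";
    const c = this.requests.get(requestId);
    if (!c || c.userId !== userId) return "mismatch";
    if (c.action !== canonicalAction(action)) return "mismatch"; // bound to the exact action
    if (c.consumed || c.expiresAt <= this.now()) return "expired";
    if (c.status === "pending") return "confirmation_required";
    if (c.status === "denied") return "denied";
    c.consumed = true;
    return "ok";
  }
}

// The agent never holds refresh tokens: it asks a broker for a short-lived
// access token at call time. Stand-in for a vault exchange, not Auth0's API.
export interface TokenBroker {
  accessTokenFor(userId: string): string;
}

export interface RunResult {
  status: Verdict | "executed";
  requestId?: string;
  audit?: string; // what ran, for whom, with a token prefix for correlation
}

export function runAction(
  gate: StepUpGate, broker: TokenBroker, userId: string, action: Action, requestId?: string,
): RunResult {
  const verdict = gate.authorize(userId, action, requestId);
  if (verdict === "confirmation_required") {
    // First attempt opens a confirmation; later attempts keep polling the same one.
    return { status: verdict, requestId: requestId ?? gate.requestConfirmation(userId, action) };
  }
  if (verdict !== "ok") return { status: verdict, requestId };
  const token = broker.accessTokenFor(userId);
  // The Gmail or Calendar API call would go here; the audit line records the delegation.
  return { status: "executed", audit: `${userId}:${action.kind}:token=${token.slice(0, 8)}...` };
}
```

The ordering inside `authorize` is deliberate: the action and user binding is checked before the approval status, so an approval for "delete event A" can never be turned into "delete event B", and the `consumed` flag means a leaked request id cannot replay an already executed action.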
Challenges we ran into
Google OAuth consent screen setup was the single biggest obstacle. Configuring the correct Gmail and Calendar scopes, getting them through Google Cloud Console verification, and aligning redirect URIs with Auth0's expected callback URLs took the majority of debugging time. There is no single guide that covers this full path for Next.js App Router; we had to piece it together from three different documentation sources.
Token retrieval inside API routes required understanding how Token Vault's exchange endpoint works in a server-side context, which wasn't immediately obvious from the docs.
Scope decisions: figuring out the minimum viable set of Gmail and Calendar scopes (rather than requesting everything) required reading Google's API reference carefully and testing edge cases.
Accomplishments that we're proud of
- A genuinely useful agent that handles real email and calendar tasks end-to-end
- A clean permissions dashboard that makes delegated access transparent and revocable; users always know what the agent can do
- Step-up authentication wired correctly for every destructive action, with zero cases where the agent acts irreversibly without explicit user confirmation
- Token Vault integration, which means no credentials are ever stored in our database or passed through our application layer
What we learned
- AI agents and traditional web apps have fundamentally different auth needs. Web apps act on behalf of the present user. Agents act on behalf of an absent one. Token Vault is built for exactly that distinction.
- Scope hygiene matters more than you'd expect. Requesting too many permissions erodes user trust, even if you never use them.
- Step-up auth is not just a security feature, it's a UX feature. Users feel more comfortable letting the agent act when they know it will pause before doing anything consequential.
- The hardest part of building with Token Vault wasn't the concept, it was the gap between understanding it and having it running in a real Next.js project.
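The scope-hygiene point made in the challenges section and again in the lessons above, as an added example (not the project's code): derive the narrowest Google scope set from the capabilities actually enabled, then audit the `scope` field of a granted token against it. The capability-to-scope mapping is constructed for this example and should be checked against Google's OAuth scope reference; the two full-access scopes treated as supersets (`https://mail.google.com/` and `https://www.googleapis.com/auth/calendar`) are Google's documented broad scopes.

```typescript
// Constructed mapping from agent capabilities to the narrowest Google scope
// that covers each one (verify against Google's OAuth scope reference).
const CAPABILITY_SCOPES = {
  readEmails: ["https://www.googleapis.com/auth/gmail.readonly"],
  draftReply: ["https://www.googleapis.com/auth/gmail.compose"],
  sendEmail: ["https://www.googleapis.com/auth/gmail.send"],
  getCalendarEvents: ["https://www.googleapis.com/auth/calendar.readonly"],
  createOrDeleteEvent: ["https://www.googleapis.com/auth/calendar.events"],
} as const;

export type Capability = keyof typeof CAPABILITY_SCOPES;

// Full-access scopes and the prefix of the narrower scopes each one subsumes.
// Seeing one of these in a granted token means consent asked for more than needed.
const BROAD_SCOPES = new Map<string, string>([
  ["https://mail.google.com/", "https://www.googleapis.com/auth/gmail."],
  ["https://www.googleapis.com/auth/calendar", "https://www.googleapis.com/auth/calendar."],
]);

function covers(granted: string, needed: string): boolean {
  if (granted === needed) return true;
  const prefix = BROAD_SCOPES.get(granted);
  return prefix !== undefined && needed.startsWith(prefix);
}

// Union of scopes for the capabilities the deployment actually enables.
export function minimalScopes(enabled: readonly Capability[]): string[] {
  const set = new Set<string>();
  for (const cap of enabled) for (const s of CAPABILITY_SCOPES[cap]) set.add(s);
  return [...set].sort();
}

// The OAuth `scope` parameter is a space-delimited list (RFC 6749 section 3.3),
// which is also how Google's token info reports granted scopes.
export function parseScopeField(field: string): string[] {
  return field.split(/\s+/).filter((s) => s.length > 0);
}

export interface ScopeAudit {
  missing: string[]; // needed but not covered by anything granted
  excess: string[];  // granted but not in the minimal set (over-privilege)
  broad: string[];   // granted full-access scopes
}

export function auditScopes(grantedField: string, needed: readonly string[]): ScopeAudit {
  const granted = parseScopeField(grantedField);
  return {
    missing: needed.filter((n) => !granted.some((g) => covers(g, n))),
    excess: granted.filter((g) => !needed.includes(g)),
    broad: granted.filter((g) => BROAD_SCOPES.has(g)),
  };
}
```

Run `auditScopes` against the token you get back after consent, not just against what you asked for: `excess` non-empty means the permissions dashboard is showing users more than the agent will ever use, and `broad` non-empty means a single leaked token grants everything. Note that Google's description of `gmail.compose` covers sending as well as managing drafts, so even the narrowest scope for "draft for review" includes the send capability; the step-up confirmation, not the scope, is what keeps sending under the user's control.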
What's next for Delegate
- Google Drive integration: surface relevant docs before meetings
- Proactive briefings: a daily digest delivered each morning without prompting
- Multi-account support: one agent managing work and personal Google accounts with separate token vaults and permission scopes
- Tone learning: the agent adapts its drafting style to match how you actually write
Bonus Blog Post
How I Learned to Stop Worrying and Let Auth0 Hold My Tokens
When I started building Delegate, an AI chief of staff for Gmail and Google Calendar, my first instinct was to do what most developers do: store OAuth tokens in a database, write refresh logic, encrypt everything, and pray. Then I found Token Vault, and that entire plan evaporated.
The core insight Token Vault surfaced for me is one that sounds obvious in hindsight: AI agents are fundamentally different from traditional web apps when it comes to authentication. A web app acts on behalf of a user who is present. An AI agent acts on behalf of a user who is absent. That distinction changes everything about how you handle credentials.
Without Token Vault, delegated auth for agents is a DIY security problem. You need encrypted storage, background refresh workers, expiry tracking, and scope management, none of which is your product. All of it is infrastructure that's easy to get wrong and painful to audit.
Token Vault collapses that entire layer into a single integration. Your agent requests a token, Auth0 returns it fresh, and you never touch the underlying credential. For a beginner to OAuth like me, that felt like being handed a seatbelt I didn't know I needed.
The friction I did hit was real: the Google OAuth consent screen setup is fiddly, and there's no single Next.js App Router guide that covers the full path from Auth0 tenant setup to a working token retrieval inside an API route. I spent the better part of two days bridging that gap with three different doc pages open at once.
But the payoff was immediate. Once Token Vault was wired up, I could focus entirely on what made Delegate interesting — the step-up authentication flow that asks users to confirm before the agent sends an email or deletes a calendar event. That human-in-the-loop layer would have been much harder to build confidently if I'd been managing raw tokens myself.
The pattern Token Vault enables (the agent acts, the human confirms, and Auth0 holds the keys) is the right mental model for agentic AI in production. Any developer building agents that touch real user data should be asking themselves: who holds my tokens, and what happens when a refresh fails at 2 am with no user present? Token Vault is the answer to both questions. I'd love to see a dedicated Next.js App Router quickstart and a token health dashboard in a future release, but even at this stage, it's the right tool for the job.
Built With
- ai
- api
- auth0
- calendar
- claude
- css
- gmail
- next.js
- sdk
- tailwind
- token
- typescript
- vault
- vercel