A portable local authentication library for AI agents and developer tools
Project description
Credential Gateway for AI Agents
Docs · Website · Discord · Issues
An open-source credential gateway that sits between your agents and the services they call. Instead of sharing credentials with every agent, log in once via OAuth2 or API keys. Authsome stores credentials securely and injects them via an HTTP proxy. You get one place to manage access, rotate keys, and see what every agent is doing.
Bundled providers out of the box — OAuth2 and API key. See the full list.
Demo
https://github.com/user-attachments/assets/27f9b229-baf4-4889-be9a-378a133654dc
Why Agents Need Authsome
Agents run beyond interactive sessions. They live in CI, over SSH, in cron jobs, in background workers, and in parallel pipelines. They need API access that survives without a human in the loop.
Hardcoded environment tokens leak or go stale, and building auth flow logic, token storage, refresh handling, and per-provider config into every project rebuilds the same plumbing every time.
Authsome is the credential broker agents call at runtime.
- No credential sprawl. One encrypted store. Every provider, every agent, one place.
- Agents never see credentials. Auth is handled outside the agent process — no exfiltration risk, no secrets in environment variables.
- No browser required at runtime. Setup can use browser PKCE, device code, or a browser bridge for secure API key entry. After that, agents run headlessly.
How It Works
The CLI is the agent's interface: setup once, then inject fresh credentials whenever a tool runs.
Authenticate once:
authsome login github
# This opens a browser on user's machine
# user completes login without sharing the creds with the agent.
Then agents get valid credentials on demand when they try to access external services.
All they need to do is use authsome run -- before the command they want to run:
authsome run -- curl -s "https://api.github.com/user/repos?per_page=10"
# runs behind an auth proxy that injects headers at request time
# without exposing secrets in the child process environment.
# matched automatically via provider api_url (e.g. api.openai.com)
Credentials are encrypted at rest and refreshed before expiry.
Why Authsome
| authsome | Hardcoded env tokens | DIY | |
|---|---|---|---|
| Automatic token refresh | ✅ | ❌ | build it |
| OAuth2 + API keys | ✅ | ❌ | build it |
| Runtime headless use | ✅ | ✅ | varies |
| Built-in providers, zero config | ✅ | ❌ | ❌ |
| Multi-account per provider | ✅ | ❌ | build it |
| Agents never see credentials | ✅ | ❌ | build it |
Authsome gives agents one command for a valid token, without scattering long-lived secrets across every project.
Install
Requires Python 3.13+.
uv tool install authsome
Self-hosting
Run a persistent daemon in Docker — no Python required on the host:
export AUTHSOME_POSTGRES_PASSWORD="$(openssl rand -hex 24)"
export AUTHSOME_MASTER_KEY="$(openssl rand -base64 32)"
export AUTHSOME_UI_SESSION_KEY="$(openssl rand -base64 32)"
docker compose up -d
curl http://localhost:7998/health
For a hosted daemon, set AUTHSOME_BASE_URL to the public HTTPS URL before starting the stack. See the self-hosting guide for first-run setup, volume backup, TLS termination, and environment variable reference.
Quick Start
Install and run first-time setup (identity, claim, and API key import from .env):
authsome onboard
For a remote daemon, pass --base-url once — it is saved in client config for later commands:
authsome onboard --base-url https://authsome.example.com
Add the authsome skill to your agent (claude, codex, cursor, hermes, etc.):
npx skills add agentrhq/authsome
And try a sample task that requires access to external services:
Star the repo agentrhq/authsome
Get my last 5 emails from gmail
Check my stripe balance
The agent will use authsome to login into external services and perform the task.
Agent Integrations
Authsome ships with adapters for the most common agent frameworks and CLIs:
Full list at authsome.ai/docs/integrations.
Community
- Discord for questions, help, and showing what you're building.
- GitHub Issues for bugs and feature requests.
Roadmap
See authsome.ai/docs/roadmap for what's shipped, what's next, and what's out of scope.
Contributing
- Found a bug? Open an issue
- Have an idea? Start a discussion
- Want to contribute? Read CONTRIBUTING.md for development setup, testing, and the engineering principles we follow.
Links
- Website: authsome.ai
- Docs: authsome.ai/docs
- Discord: discord.gg/9YP2C9tvMp
- Issues: github.com/agentrhq/authsome/issues
Star History
License
MIT. See LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file authsome-0.7.2.tar.gz.
File metadata
- Download URL: authsome-0.7.2.tar.gz
- Upload date:
- Size: 1.5 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.21 {"installer":{"name":"uv","version":"0.11.21","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
94d32f82bccd092cd252fd1c9b6fd184b4b08ad1784ebcbf6bece85cb83b7bef
|
|
| MD5 |
057b8381d5bdd296b581538353ef0d9e
|
|
| BLAKE2b-256 |
692f0e58c8a535622de3501ec9d3e54ce38ff247cd346207e986f7fd4b8db918
|
File details
Details for the file authsome-0.7.2-py3-none-any.whl.
File metadata
- Download URL: authsome-0.7.2-py3-none-any.whl
- Upload date:
- Size: 1.2 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.21 {"installer":{"name":"uv","version":"0.11.21","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d7f51183a68dfe99685002688cf19c3f8c37bd9590c73865deb3a18e00d2f49d
|
|
| MD5 |
0df2770747afe6cb68170639efcdcac8
|
|
| BLAKE2b-256 |
2441ae84ab8dc6d8648332afc954bd25f4dce3fc881d0cf948e1076351e8983a
|
