Programmatic Auth Configs

Guide to creating auth configs programmatically

Auth configs are created once and reused many times. However, when managing multiple toolkits, you may want to create auth configs programmatically.

  • When creating and destroying auth configs multiple times in your app’s lifecycle.
  • When creating auth configs for your users’ users.

OAuth2 based apps

Using Composio Default Auth

Since OAuth2 is the most common authentication type for applications, Composio provides managed auth for most OAuth2 based applications. This is to speed up development and prototyping. This means you don’t have to provide your own OAuth credentials.

1from composio import Composio
2
3composio = Composio()
4
5# Use composio managed auth
6auth_config = composio.auth_configs.create(
7 toolkit="github",
8 options={
9 "type": "use_composio_managed_auth",
10 },
11)
12print(auth_config)

The returned auth_config_id should be stored securely in your database for future use to be created and destroyed multiple times.

You can also provide your own authentication details. The required credentials and authScheme depend on the auth type.

Using your own OAuth2 credentials

Setting up and using your own OAuth2 credentials is the recommended way when going to production or expecting high usage.

In this example, we’re using our own OAuth2 client ID and secret to create the auth config for Notion.

1# Use custom auth
2auth_config = composio.auth_configs.create(
3 toolkit="notion",
4 options={
5 "name": "Notion Auth",
6 "type": "use_custom_auth",
7 "auth_scheme": "OAUTH2",
8 "credentials": {
9 "client_id": "1234567890",
10 "client_secret": "1234567890",
11 },
12 },
13)
14print(auth_config)

Specifying the authorized redirect URI The process of setting up your own OAuth2 credentials usually involves generating a client ID and secret and specifying the authorized redirect URI in the OAuth configuration.

The authorized redirect URI is the URI that captures the OAuth code that is returned to the app.

While doing so, you must ensure to set the authorized redirect URI in the OAuth configuration to:

https://backend.composio.dev/api/v3/toolkits/auth/callback
Developer settings for GitHub OAuth2 app

Specifying scopes

Composio requests a set of appropriate default OAuth2 scopes for each toolkit wherever possible. However, you can override or modify these scopes by passing a scopes field to the credentials object.

1from composio import Composio
2
3composio = Composio()
4
5response = composio.auth_configs.create(
6 toolkit="HUBSPOT",
7 options={
8 "name": "HubspotConfig",
9 "authScheme": "OAUTH2",
10 "type": "use_composio_managed_auth",
11 "credentials": {
12 "scopes": "sales-email-read,tickets"
13 }
14 }
15)
16
17print(response.id)

Other auth types

Composio supports many applications that use different authentication types like API keys, Bearer tokens, JWT and even no authentication at all.

Generating the auth config for other auth types only has minor differences.

  • use_custom_auth is used instead of use_composio_managed_auth
  • The credentials field is used to pass the authentication details
  • The authScheme field is used to specify the auth type
1# Use custom auth
2auth_config = composio.auth_configs.create(
3 toolkit="perplexityai",
4 options={
5 "type": "use_custom_auth",
6 "auth_scheme": "API_KEY",
7 "credentials": {}
8 },
9)
10print(auth_config)

Programmatically inspecting fields

In cases where you need to dynamically discover the exact field names and handle different auth schemes programmatically, you can inspect the auth config details first.

This works for all auth types.

1required_fields = composio.toolkits.get_auth_config_creation_fields(
2 toolkit="NOTION",
3 auth_scheme="OAUTH2",
4 required_only=True,
5)
6print(required_fields)

and then inspect the required fields and specify them in the credentials object.