feat: auth0-ai sdk Token Vault + CIBA renaming updates (#105)

* feat: begin auth0-ai sdk renaming updates, python references

* feat: adds JS Token Vault + CIBA renaming updates

* Apply suggestions from code review

Co-authored-by: lrzhou25 <[email protected]>
Co-authored-by: Patrick Malouin <[email protected]>

* fix: delete unused files

* fix: revert changes to top-level token-vault docs

* fix: revert learn-more snippet language with this change

* fix: updated releases version references

---------

Co-authored-by: lrzhou25 <[email protected]>
Co-authored-by: Patrick Malouin <[email protected]>

Author: 3 people

auth4genai/how-tos/get-github-issues-python.mdx

@@ -39,7 +39,7 @@ Create a function that will return the access token for Github.
 
 ```python wrap lines
 async def get_token_from_token_vault():
-  return await auth0.get_access_token_for_connection(
+  return await auth0.get_access_token_from_token_vault(
       options = {
           "connection" : "github",
           "scope" : "openid profile email offline_access"})

auth4genai/integrations/github.mdx

@@ -83,7 +83,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi
     ```tsx wrap lines
     const auth0AI = new Auth0AI();
 
-    export const withGitHubConnection = auth0AI.withTokenForConnection({
+    export const withGitHubConnection = auth0AI.withTokenVault({
       connection: "github",
       // scopes are not supported for GitHub yet. Set required scopes when creating the accompanying GitHub app
       scopes: [],
@@ -96,7 +96,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi
     ```python wrap lines
     auth0_ai = Auth0AI()
 
-    with_github_connection = auth0_ai.with_federated_connection(
+    with_github_connection = auth0_ai.with_token_vault(
         connection="github",
         # scopes are not supported for GitHub yet. Set required scopes when creating the accompanying GitHub app
         scopes=[],

auth4genai/integrations/google.mdx

@@ -163,7 +163,7 @@ To configure the Token Vault for your Google connection, you can use the followi
     ```tsx wrap lines
     const auth0AI = new Auth0AI();
 
-    export const withGoogleConnection = auth0AI.withTokenForConnection({
+    export const withGoogleConnection = auth0AI.withTokenVault({
       connection: "google-oauth2",
       scopes: ["https://www.googleapis.com/auth/calendar.freebusy", ...],
       refreshToken: getAuth0RefreshToken(),
@@ -175,7 +175,7 @@ To configure the Token Vault for your Google connection, you can use the followi
     ```python wrap lines
     auth0_ai = Auth0AI()
 
-    with_google_connection = auth0_ai.with_federated_connection(
+    with_google_connection = auth0_ai.with_token_vault(
         connection="google-oauth2",
         scopes=["https://www.googleapis.com/auth/calendar.freebusy", ...],
         refresh_token=get_auth0_refresh_token,

auth4genai/integrations/slack.mdx

@@ -84,7 +84,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi
     ```tsx wrap lines
     const auth0AI = new Auth0AI();
 
-    export const withSlackConnection = auth0AI.withTokenForConnection({
+    export const withSlackConnection = auth0AI.withTokenVault({
       connection: "sign-in-with-slack",
       scopes: ["channels:read", ...],
       refreshToken: getAuth0RefreshToken(),
@@ -96,7 +96,7 @@ To configure the Token Vault for your GitHub connection, you can use the followi
     ```python wrap lines
     auth0_ai = Auth0AI()
 
-    with_slack_connection = auth0_ai.with_federated_connection(
+    with_slack_connection = auth0_ai.with_token_vault(
         connection="sign-in-with-slack",
         scopes=["channels:read", ...],
         refresh_token=get_auth0_refresh_token,

auth4genai/intro/call-others-apis-on-users-behalf.mdx

@@ -1,6 +1,6 @@
 ---
 title: Call Other's APIs on User's Behalf
-description: "[Token Vault](/intro/token-vault) lets your AI agent call external APIs on the user's behalf. We provide SDKs for Python, JavaScript, and popular AI frameworks like LangChain, LlamaIndex, Genkit, and Vercel AI, making it easy and straightforward to get access tokens for your federated connections."
+description: "[Token Vault](/intro/token-vault) lets your AI agent call external APIs on the user's behalf. We provide SDKs for Python, JavaScript, and popular AI frameworks like LangChain, LlamaIndex, Genkit, and Vercel AI, making it easy and straightforward to get access tokens for external applications."
 ---
 
 ## Applications with refresh tokens

auth4genai/intro/token-vault.mdx

@@ -49,9 +49,9 @@ By using Token Vault, you can:
 The process of using Token Vault involves the following key steps:
 
 1. **User authentication and consent:** The [user links](/intro/account-linking) and authenticates with an external Identity Provider (e.g., Google) and grants your application permission to access their data by approving the requested OAuth scopes.
-2. **Secure token storage:** Auth0 receives the federated access and refresh tokens from the external provider and stores them securely within Token Vault.
-3. **Token exchange:** Your application can then exchange a valid Auth0 refresh token or access token for a federated access token from Token Vault. This allows your application to obtain the necessary credentials to call the third-party API without the user having to re-authenticate. It also means your application does not need to store or manage any credentials.
-4. **API call:** With the federated access token, your AI agent can make authorized calls to the third-party API on the user's behalf.
+2. **Secure token storage:** Auth0 receives access and refresh tokens from the external provider and stores them securely within Token Vault.
+3. **Token exchange:** Your application can then exchange a valid Auth0 refresh token or access token for an external provider's access token from Token Vault. This allows your application to obtain the necessary credentials to call external APIs without the user having to re-authenticate. It also means your application does not need to store or manage any credentials.
+4. **API call:** With the external provider's access token, your AI agent can make authorized calls to the external API on the user's behalf.
 
 ## Supported integrations
 

auth4genai/sdks/javascript-sdk.mdx

@@ -63,7 +63,7 @@ This library helps to set up the React components that can be used in AI applica
 - Tools for getting access tokens for supported social and enterprise identity providers
 
 ```bash wrap lines
-npx @auth0/ai-components add FederatedConnections
+npx @auth0/ai-components add TokenVault
 ```
 
 ### [Redis Store for Auth0 AI](https://github.com/auth0-lab/auth0-ai-js/tree/main/packages/ai-redis)

auth4genai/snippets/get-started/langchain-fastapi-py/async-auth.mdx

@@ -33,7 +33,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow
 ```bash wrap lines
 cd backend
 uv sync
-uv add "auth0-ai-langchain>=1.0.0b3" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]" --prerelease=allow
+uv add "auth0-ai-langchain>=1.0.0b4" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]>=0.3.6" --prerelease=allow
 ```
 
 ### Update the environment file
@@ -46,7 +46,7 @@ Integrate the Auth0 AI SDK into your application to secure your async AI agent w
 
 #### Configure the Auth0 AI SDK
 
-To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `with_async_user_confirmation()`. Let's create a helper function to wrap the tool with the Async authorizer.
+To require asynchronous authorization for your tool, the tool needs to be wrapped with the Async authorizer, `with_async_authorization()`. Let's create a helper function to wrap the tool with the Async authorizer.
 
 Create a file at `app/core/auth0_ai.py` and instantiate a new Auth0 AI SDK client:
 
@@ -67,8 +67,9 @@ auth0_ai = Auth0AI(
     )
 )
 
-with_async_user_confirmation = auth0_ai.with_async_user_confirmation(
+with_async_authorization = auth0_ai.with_async_authorization(
     audience=settings.SHOP_API_AUDIENCE,
+    # param: scopes
     # add any scopes you want to use with your API
     scopes=["openid", "product:buy"],
     binding_message=lambda product, quantity: f"Do you want to buy {quantity} {product}",
@@ -77,6 +78,12 @@ with_async_user_confirmation = auth0_ai.with_async_user_confirmation(
     .get("_credentials")
     .get("user")
     .get("sub"),
+    # param: requested_expiry
+    # Note: Setting a requested expiry greater than 300 (seconds) will force email verification
+    # instead of using the push notification flow.
+    # requested_expiry=301,
+
+    # param: on_authorization_request
     # When this flag is set to `block`, the execution of the tool awaits
     # until the user approves or rejects the request.
     #
@@ -86,12 +93,13 @@ with_async_user_confirmation = auth0_ai.with_async_user_confirmation(
     # In practice, the process that is awaiting the user confirmation
     # could crash or timeout before the user approves the request.
     on_authorization_request="block",
+
 )
 ```
 
-This will intercept the tool call to initiate a CIBA request:
+This will intercept the tool call to initiate an Async Authorization request:
 
-- The CIBA request includes the user ID that will approve the request.
+- The Async Authorization request includes the user ID that will approve the request.
 - Auth0 sends the user a mobile push notification. The AI agent polls the `/token` endpoint for a user response.
 - The mobile application retrieves the `bindingMessage` containing the consent details, in this case, the details of the product to purchase.
 - The user responds to the request:
@@ -138,17 +146,17 @@ async def api_route(
 
 #### Create a tool to call your API
 
-In this example, we use a tool that buys products on the user's behalf. When the user approves the transaction, the Auth0 AI SDK retrieves an access token to call the shop's API. Upon completing the CIBA flow, the AI agent responds with a message confirming the purchase. The Auth0 AI SDK returns an error response if the user denies the transaction.
+In this example, we use a tool that buys products on the user's behalf. When the user approves the transaction, the Auth0 AI SDK retrieves an access token to call the shop's API. Upon completing the Async Authorization flow, the AI agent responds with a message confirming the purchase. The Auth0 AI SDK returns an error response if the user denies the transaction.
 
 Now, create a file `app/agents/tools/shop_online.py` and add the following code:
 
 ```python app/agents/tools/shop_online.py wrap lines
 import httpx
 from langchain_core.tools import StructuredTool
-from auth0_ai_langchain.ciba import get_ciba_credentials
+from auth0_ai_langchain.async_authorization import get_async_authorization_credentials
 from pydantic import BaseModel
 
-from app.core.auth0_ai import with_async_user_confirmation
+from app.core.auth0_ai import with_async_authorization
 from app.core.config import settings
 
 
@@ -166,10 +174,10 @@ async def shop_online_fn(product: str, quantity: int):
         # No API set, mock a response
         return f"Ordered {quantity} {product}"
 
-    credentials = get_ciba_credentials()
+    credentials = get_async_authorization_credentials()
 
     if not credentials:
-        raise ValueError("CIBA credentials not found")
+        raise ValueError("Async Authorization credentials not found")
 
     headers = {
         "Authorization": f"Bearer {credentials['access_token']}",
@@ -201,7 +209,7 @@ async def shop_online_fn(product: str, quantity: int):
         }
 
 
-shop_online = with_async_user_confirmation(
+shop_online = with_async_authorization(
     StructuredTool(
         name="shop_online",
         description="Tool to buy products online.",

auth4genai/snippets/get-started/langchain-fastapi-py/auth-for-rag.mdx

@@ -34,7 +34,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow
 ```bash wrap lines
 cd backend
 uv sync
-uv add "auth0-ai-langchain>=1.0.0b3" openfga-sdk langgraph langchain-openai "langgraph-cli[inmem]" --prerelease=allow
+uv add "auth0-ai-langchain>=1.0.0b4" openfga-sdk langgraph langchain-openai "langgraph-cli[inmem]" --prerelease=allow
 ```
 
 ### Update the environment file

auth4genai/snippets/get-started/langchain-fastapi-py/call-others-api.mdx

@@ -15,7 +15,7 @@ import { DownloadQuickstartButton } from "/snippets/download-quickstart/Download
   <Tab
     title="Use sample app (recommended)"
   >
-  
+
 ### Download sample app
 Start by downloading and extracting the sample app. Then open in your preferred IDE.
 <DownloadQuickstartButton
@@ -135,7 +135,7 @@ Make sure you have [uv](https://docs.astral.sh/uv/) installed and run the follow
 ```bash wrap lines
 cd backend
 uv sync
-uv add "auth0-ai-langchain>=1.0.0b3" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]" google-api-python-client --prerelease=allow
+uv add "auth0-ai-langchain>=1.0.0b4" "langgraph>=0.5.4" langchain-openai "langgraph-cli[inmem]>=0.3.6" google-api-python-client --prerelease=allow
 ```
 
 ### Update your environment file
@@ -192,7 +192,7 @@ auth0_ai = Auth0AI(
     )
 )
 
-with_calendar_access = auth0_ai.with_federated_connection(
+with_calendar_access = auth0_ai.with_token_vault(
     connection="google-oauth2",
     scopes=["https://www.googleapis.com/auth/calendar.events"],
 )
@@ -244,8 +244,8 @@ from langchain_core.tools import StructuredTool
 from google.oauth2.credentials import Credentials
 from googleapiclient.discovery import build
 from pydantic import BaseModel
-from auth0_ai_langchain.federated_connections import (
-    get_access_token_for_connection,
+from auth0_ai_langchain.token_vault import (
+    get_access_token_from_token_vault,
 )
 import datetime
 import json
@@ -254,10 +254,10 @@ from app.core.auth0_ai import with_calendar_access
 
 async def list_upcoming_events_fn():
     """List upcoming events from the user's Google Calendar"""
-    google_access_token = get_access_token_for_connection()
+    google_access_token = get_access_token_from_token_vault()
     if not google_access_token:
         raise ValueError(
-            "Authorization required to access the Federated Connection API"
+            "Authorization required to access the Google Calendar API"
         )
 
     calendar_service = build(
@@ -329,18 +329,18 @@ To implement, install the Auth0 AI Components for React SDK to get the required
 ```bash wrap lines
 cd frontend
 npm install @auth0/ai @langchain/langgraph-sdk
-npx @auth0/ai-components add FederatedConnections
+npx @auth0/ai-components add TokenVault
 ```
 
-Add a new file, `src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx`, with the following code:
+Add a new file, `src/components/auth0-ai/TokenVault/TokenVaultInterruptHandler.tsx`, with the following code:
 
-```tsx src/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler.tsx wrap lines
-import { FederatedConnectionInterrupt } from "@auth0/ai/interrupts";
+```tsx src/components/auth0-ai/TokenVault/TokenVaultInterruptHandler.tsx wrap lines
+import { TokenVaultInterrupt } from "@auth0/ai/interrupts";
 import type { Interrupt } from "@langchain/langgraph-sdk";
 
-import { EnsureAPIAccess } from "@/components/auth0-ai/FederatedConnections";
+import { TokenVaultConsent } from "@/components/auth0-ai/TokenVault";
 
-interface FederatedConnectionInterruptHandlerProps {
+interface TokenVaultInterruptHandlerProps {
   interrupt: Interrupt | undefined | null;
   onFinish: () => void;
   auth?: {
@@ -349,21 +349,21 @@ interface FederatedConnectionInterruptHandlerProps {
   };
 }
 
-export function FederatedConnectionInterruptHandler({
+export function TokenVaultInterruptHandler({
   interrupt,
   onFinish,
   auth,
-}: FederatedConnectionInterruptHandlerProps) {
+}: TokenVaultInterruptHandlerProps) {
   if (
     !interrupt ||
-    !FederatedConnectionInterrupt.isInterrupt(interrupt.value)
+    !TokenVaultInterrupt.isInterrupt(interrupt.value)
   ) {
     return null;
   }
 
   return (
     <div key={interrupt.ns?.join("")} className="whitespace-pre-wrap">
-      <EnsureAPIAccess
+      <TokenVaultConsent
         mode="popup"
         interrupt={interrupt.value}
         onFinish={onFinish}
@@ -379,11 +379,11 @@ export function FederatedConnectionInterruptHandler({
 }
 ```
 
-Now, update your chat window code to include the `FederatedConnectionInterruptHandler` component, for example:
+Now, update your chat window code to include the `TokenVaultInterruptHandler` component, for example:
 
 ```tsx src/components/chat-window.tsx wrap lines highlight={2,3,25-50}
 //...
-import { FederatedConnectionInterruptHandler } from '@/components/auth0-ai/FederatedConnections/FederatedConnectionInterruptHandler';
+import { TokenVaultInterruptHandler } from '@/components/auth0-ai/TokenVault/TokenVaultInterruptHandler';
 import { getLoginUrl } from "@/lib/use-auth";
 
 //... existing code
@@ -408,7 +408,7 @@ export function ChatWindow(props: {
               />
               <div className="flex flex-col max-w-[768px] mx-auto pb-12 w-full">
                 {!!chat.interrupt?.value && (
-                  <FederatedConnectionInterruptHandler
+                  <TokenVaultInterruptHandler
                     auth={{
                       authorizePath: getLoginUrl(),
                       returnTo: new URL(
@@ -451,4 +451,4 @@ That's it! You successfully integrated third-party API access using Token Vault
 ### View a complete example
 Want to see how it all comes together? Explore or clone the fully implemented sample application on [GitHub](https://github.com/auth0-samples/auth0-ai-samples/tree/main/call-apis-on-users-behalf/others-api/langchain-fastapi-py).
 </Tab>
-</Tabs>
+</Tabs>