feat: Add Eliza chatbot to demonstrate universal authentication with the Agentic Profile #163
+1,069
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mprynce
changed the title
1 task
holtskinner
reviewed
Jul 23, 2025
mprynce
force-pushed
the
feature-Eliza-with-authentication
branch
from
8bb5a86 to
4cc8820
Compare
mprynce
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds an Eliza agent that is available at two endpoints on a server, / and /agents/eliza. The / agent does not require authentication, whereas the /agents/eliza agent does require authentication.
The eliza example demonstrates Decentralized ID (DID)/JWT based authentication and user, business, and gov scoped identity to A2A agents. While DIDs can support DLT, this implementation is web based and all DID documents are accessible via HTTP(S).
Details on how to run Eliza with no authentication, and with authentication are available in the README.md in the agents/eliza directory.
What is this solving?
While most agent orchestration frameworks authenticate with remote agents using API keys as bearer tokens or user driven OAuth, there is a big gap in the ability of two different entities agents being able to authenticate. For example, if you and I are attending the same event and we should really meet to discuss the next big thing, then how does an agent representing you find an agent representing me, and then how to they authenticate each other, and start a dialog to determine your and my synergies?
Having a DID associated with you, and a DID for me is the first step. A presence service can then see we are nearby. We can resolve DID documents from our DIDs which in turn list the agents representing us. Public key cryptography obviates authentication servers as the DID document contains the public keys. Standard HTTP 401/WWW-Authenticate header with challenge provides a very well established and secure way for agents to establish secure communications.
Design
The Agentic Profile is a very thin wrapper around DIDs and A2A that supports the above interaction. I've created an A2AExpressService to accept an AgentSessionResolver for use when agents require authentication. A working example is in the eliza-app.ts file.
I also modified the A2AClient (in a separate PR to the a2a-js repo) to accept an authHandler option which intercepts HTTP 401 responses and can inject the WWW-Authenticate header. I added support for two more parameters to a fork of the CLI (eliza/universal-auth-cli.ts) to indicate which authentication profile to use, and which agent from that profile to use to generate the JWT.
Finally, I added a utility script at eliza/create-global-agentic-profile to publish a demo agentic profile to the public web for testing. A local copy of the private keys for that profile are stored at ~/.agentic/iam
Much more information is available on my Agentic Profile blog and also in the NPM agentic profile packages:
@agentic-profile/auth
Thank you!