Skip to main content
This example demonstrates how to use JWT middleware with AgentOS using HTTP-only cookies instead of Authorization headers. This approach is more secure for web applications as it prevents XSS attacks.

Code

jwt_cookies.py

Usage

1

Set up your virtual environment

2

Set Environment Variables

3

Install dependencies

4

Setup PostgreSQL Database

5

Run Example

6

Test Cookie Authentication

Step 1: Set the authentication cookie
Step 2: Make authenticated requests using the cookie
Step 3: Test browser-based authentication
  1. Visit http://localhost:7777/set-auth-cookie in your browser
  2. Visit http://localhost:7777/docs to see the API documentation
  3. Use the “Try it out” feature - cookies are automatically included
Step 4: Clear authentication (logout)

How It Works

  1. Cookie Management: Custom endpoints handle setting and clearing authentication cookies
  2. JWT Middleware: Configured to extract tokens from the auth_token cookie
  3. Token Validation: Full validation enabled to ensure security
  4. Parameter Injection: User profile data automatically injected into agent tools
  5. Route Exclusion: Cookie management endpoints excluded from authentication

Developer Resources