Collect credentials via Kernel’s hosted page, then use the authenticated session in your automations. This is the recommended approach for most applications.
Use the Hosted UI when:
- You need users to provide their credentials
- You want the simplest integration with minimal code
- You want Kernel to handle 2FA and multi-step login flows
Getting started
1. Create an Auth Agent
An Auth Agent represents a login session for a specific website and profile.
const agent = await kernel.agents.auth.create({
domain: 'linkedin.com',
profile_name: 'linkedin-profile',
});
2. Start Authentication
Create an invocation to get the hosted login URL.
const invocation = await kernel.agents.auth.invocations.create({
auth_agent_id: agent.id,
});
3. Collect Credentials
Send the user to the hosted login page:
window.location.href = invocation.hosted_url;
- See the login page for the target website
- Enter their credentials
- Complete 2FA if needed
4. Poll for Completion
On your backend, poll until authentication completes:
let state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
while (state.status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
}
if (state.status === 'SUCCESS') {
console.log('Authentication successful!');
}
Poll every 2 seconds. The session expires after 5 minutes if not completed.
5. Use the Profile
Create browsers with the profile and navigate to the site—the session is already authenticated:
const browser = await kernel.browsers.create({
profile: { name: 'linkedin-profile' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://linkedin.com');
Use stealth: true when creating browsers for authenticated sessions.
Complete Example
import Kernel from '@onkernel/sdk';
const kernel = new Kernel();
// Create auth agent
const agent = await kernel.agents.auth.create({
domain: 'doordash.com',
profile_name: 'doordash-user-123',
});
// Start authentication
const invocation = await kernel.agents.auth.invocations.create({
auth_agent_id: agent.id,
});
// Send user to hosted page
console.log('Login URL:', invocation.hosted_url);
// Poll for completion
let state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
while (state.status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.agents.auth.invocations.retrieve(invocation.invocation_id);
}
if (state.status === 'SUCCESS') {
const browser = await kernel.browsers.create({
profile: { name: 'doordash-user-123' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://doordash.com');
}
Adding Features
The basic flow above gets you started. Add these features as needed:
Save Credentials for Auto-Reauth
Capture the user’s credentials during login so future sessions can re-authenticate automatically when the session expires:
const invocation = await kernel.agents.auth.invocations.create({
auth_agent_id: agent.id,
save_credential_as: 'my-saved-creds',
});
Custom Login URL
If the site’s login page isn’t at the default location, specify it when creating the agent:
const agent = await kernel.agents.auth.create({
domain: 'example.com',
profile_name: 'my-profile',
login_url: 'https://example.com/auth/signin',
});
SSO/OAuth Support
For sites with “Sign in with Google/GitHub/Microsoft”, add the OAuth provider’s domains to allowed_domains:
const agent = await kernel.agents.auth.create({
domain: 'example.com',
profile_name: 'my-profile',
allowed_domains: ['accounts.google.com', 'google.com'],
});
Post-Login URL
After successful authentication, retrieve the auth agent to get post_login_url—the page where the login landed. Use this to start your automation from the right place:
const authAgent = await kernel.agents.auth.retrieve(agent.id);
if (authAgent.post_login_url) {
await page.goto(authAgent.post_login_url);
// Start automation from the dashboard/home page
}
