Learn how to build a secure Python AI Agent with Microsoft Agent Framework and FastAPI and use Auth0 Token Vault to securely connect to the Gmail API.
Read on here!
Any questions? Any feedback? Drop your message here!
My Account API seems to be required. Could you update the blog post with this new requirements?
Thank you for highlighting this. Actually, the blog post was published when Auth0 for AI Agents was in Early Access, and some things changed when it became Generally Available.
I fixed the missing part about the My Account API. Thanks! 
Great tutorial! However, I’m stuck on this error:
AccessTokenForConnectionError: Federated connection Refresh Token not found.
My setup:
-
Auth0 app has Token Exchange grant enabled, Refresh Token Rotation OFF
-
Google connection: Token Vault enabled, Offline Access checked, Gmail scopes added
-
Code uses connection_scope, prompt=consent, access_type=offline
Auth0 logs show successful Google login (type: s) immediately followed by feta error “Federated connection Refresh Token not found.”
Is there something specific that makes Auth0 capture Google’s refresh token into Token Vault? Feels like Google is authenticating but the refresh token isn’t being stored.
Hi @joao.d.oliveira,
Thank you for reading the article and trying the sample project.
Actually, the Offline Access on the Google connection should grant a refresh token from Google 
I assume you have already checked everything on the Google side following this document.
Also, you didn’t explicitly mention it, but I assume you have enabled and configured the My Account API as described here.
Please, double check and let me know if you have additional info.
Thanks for the swift answer!
I might be missing something, but I do believe I went diligently through the setup. I’m attaching screenshots of what I think are the most relevant configurations.
I’m wondering if there could be issues in the tenant account setup or the Auth0 ↔ GCP API linkage.
To help pinpoint the issue, I see Token Vault as a 4-step process:
-
Registration (user consent flow) —
Works. I see my app’s permission request and the user approves it. -
User creation in Auth0 —
Works. User is created in Auth0, I can re-login successfully. -
Credential storage —
Seems fine. Auth0 shows the user was created. -
Token retrieval from Token Vault —
Broken. This is where I get the Federated connection Refresh Token not found error.
I’d love guidance on how to debug step 4 specifically.
Additional observations:
-
Auth0 dashboard shows successful login, authentication, and user creation
-
Google Cloud Console shows no API Requests in my project’s metrics, however I do see OAuth token grant rate activity (grants occurring at the time of my login attempts). This suggests the OAuth flow itself is working, but something isn’t capturing/storing the refresh token.
-
When I start a fresh registration, I do see my Google project being used for the OAuth consent screen
This makes me think the issue is in how Auth0 handles/stores the refresh token from Google, rather than the OAuth flow itself.
Is there a way to verify that the refresh token is actually being captured and stored by Auth0 during the initial authentication?
Thanks!