# Programmatic Auth Configs (/docs/auth-configuration/programmatic-auth-configs) > If you're building an agent, we recommend using [sessions](/docs/configuring-sessions#custom-auth-configs) instead. Sessions let you pass custom auth configs directly when creating a session. Auth configs are created once and reused many times. However, when managing multiple toolkits, you may want to create auth configs programmatically. * When creating and destroying auth configs multiple times in your app's lifecycle. * When creating auth configs for your users' users. # OAuth2 based apps ## Using Composio Default Auth Since OAuth2 is the most common authentication type for applications, Composio provides managed auth for most OAuth2 based applications. This is to speed up development and prototyping. This means you don't have to provide your own OAuth credentials. **Python:** ```python from composio import Composio composio = Composio() # Use composio managed auth auth_config = composio.auth_configs.create( toolkit="github", options={ "type": "use_composio_managed_auth", }, ) print(auth_config) ``` **TypeScript:** ```typescript import { Composio } from "@composio/core"; const composio = new Composio(); const authConfig = await composio.authConfigs.create("GITHUB", { name: "GitHub", type: "use_composio_managed_auth", }); console.log(authConfig); ``` The returned `auth_config_id` should be stored securely in your database for future use to be created and destroyed multiple times. You can also provide your own authentication details. The required `credentials` and `authScheme` depend on the auth type. ## Using your own OAuth2 credentials Setting up and using your own OAuth2 credentials is the recommended way when going to production or expecting high usage. In this example, we're using our own OAuth2 client ID and secret to create the auth config for Notion. **Python:** ```python # Use custom auth auth_config = composio.auth_configs.create( toolkit="notion", options={ "name": "Notion Auth", "type": "use_custom_auth", "auth_scheme": "OAUTH2", "credentials": { "client_id": "1234567890", "client_secret": "1234567890", "oauth_redirect_uri": "https://backend.composio.dev/api/v3/toolkits/auth/callback", }, }, ) print(auth_config) ``` **TypeScript:** ```typescript import { Composio } from '@composio/core'; const composio = new Composio({ apiKey: 'your_api_key' }); const authConfig = await composio.authConfigs.create("NOTION", { name: "Notion", type: "use_custom_auth", credentials: { client_id: "1234567890", client_secret: "1234567890", oauth_redirect_uri: "https://backend.composio.dev/api/v3/toolkits/auth/callback", }, authScheme: "OAUTH2", }); console.log(authConfig); ``` > You can specify a custom redirect URI by including the `oauth_redirect_uri` parameter in the credentials object. If not provided, Composio uses the default redirect URI. **Specifying the authorized redirect URI** The process of setting up your own OAuth2 credentials usually involves generating a client ID and secret and specifying the **authorized redirect URI** in the OAuth configuration. > The **authorized redirect URI** is the URI that captures the OAuth code that is returned to the app. While doing so, you must ensure to set the **authorized redirect URI** in the OAuth configuration to: ``` https://backend.composio.dev/api/v3/toolkits/auth/callback ``` **GitHub:** ![Developer settings for GitHub OAuth2 app](/images/github-callback.png) *Redirect URI for GitHub* **Google:** ![Developer settings for Google OAuth2 app](/images/google-callback.png) *Redirect URI for Google* ## Specifying scopes Composio requests a set of appropriate default OAuth2 scopes for each toolkit wherever possible. However, you can override or modify these scopes by passing a `scopes` field to the `credentials` object. **Python:** ```python from composio import Composio composio = Composio() response = composio.auth_configs.create( toolkit="HUBSPOT", options={ "name": "HubspotConfig", "authScheme": "OAUTH2", "type": "use_composio_managed_auth", "credentials": { "scopes": "sales-email-read,tickets" } } ) print(response.id) ``` **TypeScript:** ```typescript import { Composio } from "@composio/core"; const composio = new Composio(); const authConfig = await composio.authConfigs.create("HUBSPOT", { name: "HubspotConfig", type: "use_composio_managed_auth", credentials: { scopes: "sales-email-read,tickets", }, }); console.log(authConfig); ``` # Other auth types Composio supports many applications that use different authentication types like API keys, Bearer tokens, JWT and even no authentication at all. Generating the auth config for other auth types only has minor differences: * `use_custom_auth` is used instead of `use_composio_managed_auth` * The `credentials` field is used to pass the authentication details * The `authScheme` field is used to specify the auth type **Python:** ```python # Use custom auth auth_config = composio.auth_configs.create( toolkit="perplexityai", options={ "type": "use_custom_auth", "auth_scheme": "API_KEY", "credentials": {} }, ) print(auth_config) ``` **TypeScript:** ```typescript import { Composio } from '@composio/core'; const composio = new Composio({ apiKey: 'your_api_key' }); const authConfig = await composio.authConfigs.create('PERPLEXITYAI', { name: 'Perplexity AI', type: 'use_custom_auth', credentials: {}, authScheme: 'API_KEY', }); console.log(authConfig); ``` # Programmatically inspecting fields In cases where you need to dynamically discover the exact field names and handle different auth schemes programmatically, you can inspect the auth config details first. This works for all auth types. **Python:** ```python required_fields = composio.toolkits.get_auth_config_creation_fields( toolkit="NOTION", auth_scheme="OAUTH2", required_only=True, ) print(required_fields) ``` **TypeScript:** ```typescript import { Composio } from '@composio/core'; const composio = new Composio({ apiKey: 'your_api_key' }); const toolkits = await composio.toolkits.get("NOTION"); // Extract field names from authConfigDetails const authFields = await composio.toolkits.getAuthConfigCreationFields('NOTION', 'OAUTH2', { requiredOnly: true, }); console.log("Required auth config fields:", authFields); ``` Then inspect the required fields and specify them in the `credentials` object. # What to read next - [Custom auth configs](/docs/auth-configuration/custom-auth-configs): Use your own OAuth apps for white-labeled authentication - [Connected accounts](/docs/auth-configuration/connected-accounts): Manage and monitor user connections to toolkits - [Authenticating tools](/docs/tools-direct/authenticating-tools): Create auth configs and connect user accounts --- 📚 **More documentation:** [View all docs](https://docs.composio.dev/llms.txt) | [Glossary](https://docs.composio.dev/llms.mdx/docs/glossary) | [Cookbooks](https://docs.composio.dev/llms.mdx/cookbooks) | [API Reference](https://docs.composio.dev/llms.mdx/reference) --- # Composio SDK — Instructions for AI Code Generators **Context:** This page documents the **direct tool execution API**. For most applications, the session-based pattern (`composio.create(user_id)` + `session.tools()`) is simpler — but if the user is here, they likely want direct execution. --- ## Key Patterns ### Authenticating Users Create an **Auth Config** on [platform.composio.dev](https://platform.composio.dev), then use the auth config ID to generate a hosted auth URL: ```python from composio import Composio composio = Composio() connection = composio.connected_accounts.link( user_id="user_123", auth_config_id="ac_...", # from platform dashboard ) print(connection.redirect_url) # send user here to authenticate ``` ```typescript import { Composio } from "@composio/core"; const composio = new Composio(); const connection = await composio.connectedAccounts.link("user_123", "ac_...", { callbackUrl: "https://your-app.com/callback", }); console.log(connection.redirectUrl); // send user here to authenticate ``` ### Executing Tools ```python tools = composio.tools.get("user_123", tools=["GITHUB_CREATE_ISSUE"]) result = composio.tools.execute( "GITHUB_CREATE_ISSUE", {"owner": "org", "repo": "repo", "title": "Bug report"}, user_id="user_123", ) ``` ```typescript const tools = await composio.tools.get("user_123", { tools: ["GITHUB_CREATE_ISSUE"] }); const result = await composio.tools.execute("GITHUB_CREATE_ISSUE", { userId: "user_123", arguments: { owner: "org", repo: "repo", title: "Bug report" }, }); ``` --- ## Rules 1. **`user_id` is required** — pass it to `tools.get()`, `tools.execute()`, and `provider.handle_tool_calls()`. 2. **`tools.execute()` signature** — Python: `execute(slug, arguments_dict, *, user_id=...)` (arguments is the second positional param). TypeScript: `execute(slug, { userId, arguments })`. 3. **Provider at init** — `Composio(provider=OpenAIProvider())` in Python, `new Composio({ provider: new OpenAIProvider() })` in TypeScript. Defaults to OpenAI if omitted. 4. **Correct provider imports** — `composio_` for Python, `@composio/` for TypeScript. For OpenAI Agents SDK use `composio_openai_agents` / `@composio/openai-agents`. --- ## Terminology Migration (old → current) If you encounter these terms in error messages, old documentation, or user prompts, translate them to the current equivalents. **Do not use the old terms in generated code or explanations.** | Old term (v1/v2) | Current term (v3) | In code | |---|---|---| | entity ID | user ID | `user_id` parameter | | actions | tools | e.g., `GITHUB_CREATE_ISSUE` is a *tool* | | apps / appType | toolkits | e.g., `github` is a *toolkit* | | integration / integration ID | auth config / auth config ID | `auth_config_id` parameter | | connection | connected account | `connected_accounts` namespace | | ComposioToolSet / OpenAIToolSet | `Composio` class with a provider | `Composio(provider=...)` | | toolset | provider | e.g., `OpenAIProvider` | If a user says "entity ID", they mean `user_id`. If they say "integration", they mean "auth config". Always respond using the current terminology.