Partnership Announcement
Anchor X Cloudflare - Verified Browser Agents

Authentication for Agentic Workflows

Technical Dive
Oct 14

Browser agents are capable of automating complex workflows, but authentication remains a critical friction point. Most legacy web systems weren't designed for agents; they expect humans to handle authentication challenges such as MFA prompts, solve CAPTCHAs, and complete OAuth redirects. Without persistent authentication, agents start fresh on every execution, forcing re-authentication for each workflow.

The result? Agents that can reason about tasks but get stuck at login screens.

Two approaches solve this: managed authentication services like Composio that handle credentials for 250+ popular tools, or DIY browser profile sessions from platforms like Anchor that work with any website. The right choice depends on whether you're building user-facing products or internal automation, and which systems your agents need to access.

Managed Authentication with Composio

Composio provides pre-configured authentication for hundreds of popular web services including Gmail, Salesforce, Slack, and GitHub. Instead of building OAuth flows and managing token refresh yourself, Composio's auth configs handle the complexity automatically.

The integration is straightforward: initiate a connection, your user completes OAuth authorization via redirect, and your agent gets ready-to-use tools with authenticated access. You never store user credentials directly. Composio manages tokens, handles refresh, and provides full observability with detailed tool usage logs and execution timestamps.

An example Gmail authentication sequence with Composio:

// Get entity for the user
const entity = await composio.client.getEntity(entityId);

// Initiate connection - user gets redirected to OAuth
const connection = await entity.initiateConnection('gmail');
console.log("User must authorize via:", connection.redirectUrl);

// Wait for user to complete OAuth authorization
const connectedAccount = await connection.waitUntilActive(60); // 60 second timeout

// Agent now has authenticated access to Gmail tools
// Composio securely handles token storage and refresh

// Use an authenticated Gmail tool - send an email
const result = await composio.tools.execute({
  action: 'gmail_send_email',
  params: {
    recipient_email: 'user@example.com',
    subject: 'Test from Agent',
    body: 'This email was sent by an AI agent using Composio'
  },
  entityId: entityId
});

This one-line integration pattern works because Composio handles authentication on behalf of your users. It securely stores their credentials while your agents act with their permissions. When tokens expire, Composio automatically refreshes them for OAuth schemes or generates new login URLs when re-authorization is required. This makes Composio particularly powerful for multi-tenant scenarios where you're building products for users to connect their own accounts.

Best For

Composio excels when you're building user-facing products where individual users connect their own accounts.

  • Multi-tenant applications where users authenticate with their Gmail, Salesforce, or Slack
  • Teams wanting minimal authentication code and automatic token management
  • Standard OAuth or API key workflows with services in Composio's catalog
  • Applications requiring detailed observability and monitoring of agent actions

DIY Authentication with Anchor Browser Profiles

Anchor Browser profiles take a different approach: they work with any website, not just pre-configured services. A profile captures the complete authenticated state of a browser session, including cookies, local storage, authentication tokens – and persists it for reuse across multiple agent executions.

We believe this DIY approach gives you maximum flexibility. You control the authentication flow, whether it's deterministic steps through a login form or stochastic workflows that adapt to different UI states. You manage the profile lifecycle, handle expiration, and build your own resilience logic. It's more engineering work, but it works with any system.

How Anchor Browser Profiles Work:

// Create a profile from an authenticated session
const createProfile = async () => {
  const response = await fetch('https://api.anchorbrowser.io/v1/profiles', {
    method: 'POST',
    headers: {
      'anchor-api-key': '<api-key>',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      name: 'salesforce-dashboard',
      description: 'Authenticated session for internal dashboard',
      source: 'session',
      session_id: '550e8400-e29b-41d4-a716-446655440000',
      dedicated_sticky_ip: true
    })
  });
  
  const data = await response.json();
  console.log('Profile created:', data);
};

// Retrieve the profile to verify or use in new sessions
const getProfile = async () => {
  const response = await fetch('https://api.anchorbrowser.io/v1/profiles/salesforce-dashboard', {
    method: 'GET',
    headers: {
      'anchor-api-key': '<api-key>'
    }
  });
  
  const data = await response.json();
  console.log('Profile retrieved:', data);
};

Once created, launch new browser sessions with this profile and new browser agents will initialize already authenticated. You're responsible for monitoring profile health, refreshing authentication when sessions expire, and handling edge cases. This gives you complete control over the agent authentication strategy.

Best For

Anchor Browser profiles excel when you're building internal automation with your own credentials. They're ideal for:

  • Internal tools and dashboards where you control the credentials directly
  • Single-tenant automation scenarios without multiple user accounts
  • Custom or legacy systems not available in managed auth services
  • Applications without modern APIs that require browser-based interaction
  • Advanced authentication scenarios requiring custom proxies or dedicated IPs for security-conscious enterprises
  • Teams comfortable managing authentication complexity and profile lifecycle


Note

For in-depth guidance on all the available methods for bespoke browser authentication, check out our post, An Overview of Authenticated Browser Automation.

Conclusion

Authentication for agentic workflows comes down to choosing the right approach for your use case. Composio excels for user-facing products where users connect their own accounts. Their tools for each of hundreds of connected services also help to minimize engineering effort and provide full observability logs into agent actions, giving your users peace of mind when your agents acted on their behalf. Anchor Browser profiles work with any website and shine when building internal tools with your own credentials or authenticating with custom systems not available through Composio.

Choose Composio if you're building multi-tenant applications where users connect to systems like Gmail, Salesforce, or Slack. Choose Anchor Browser if you're automating internal workflows with your own credentials, need to authenticate with legacy systems, or require advanced authentication scenarios with custom proxies and enterprise security requirements.

The decision comes down to two key questions:

  1. Are you managing authentication for your users or for yourself?
  2. Do your target systems exist in a pre-configured catalog or require custom authentication flows?

Authentication shouldn't be the bottleneck that keeps capable agents stuck at login screens. With the right approach–whether managed services or DIY profiles–you eliminate this friction and let agents focus on what they do best: automating complex workflows and getting work done.

Recent articles

See all
Technical Dive
Oct 20

Anchor is powering Groq Compound

Technical Dive
Oct 1

The Evolution of Browser Automation

Technical Dive
Sep 24

Key Principles for Robust Browser Automation

Stay ahead in browser automation

We respect your inbox. Privacy policy

Welcome aboard! Thanks for signing up
Oops! Something went wrong while submitting the form.
Twitter
LinkedIn
Terms of use
Privacy policy
Trust center
Service status
made by tonik