modest helm
I have built an adapter that calls Composio tools, and I wanted to check on a security concern.
Since the adapter will interact with an LLM — then GPT calls Composio — I want to confirm whether the Composio access token is handled securely for users.
Previously, my own Composio account got blocked, which caused me to receive a lot of spam and fake emails.
Could you please clarify how the access tokens are secured and what measures are in place to protect user credentials?
Thanks!
modest helm
#1268871288156323901 any one is here?
vale ridge
Token security: The LLM just generates the request body. We pass the auth securely without the LLM's involvement.
Account block and spam emails: The "This app is blocked" happens when you try to request scopes that aren't available in the OAuth app. It's a warning and safety feature from Google, not the cause for spam and fake emails.
Learn more about security here:
Security at Composio: https://trust.composio.dev/
How data is processed and stored: https://trust.composio.dev/faq?s=u1cihc8gcmln3y1a2fqyi
modest helm
but in composio dashboard i can see all user auth token
and when run terminal
https://backend.composio.dev/api/v3/connected_accounts?auth_config_ids= &user_ids=
there give auth config
and user id and here token
look this
@vale ridge ^^
vale ridge
Yes, you can see access tokens — this supports workflows where you need direct token access.
We're currently working on RBAC (Role-Based Access Control) to add restrictions and give you better control over token visibility
modest helm
Just one last question: if any developer builds an AI agent using Composio for a user, will the developer have the user's access token? Will that developer be able to access the user's email? And you mention everything is encrypted, but the developer can still see the user's token.
@vale ridge ^
modest helm
@vale ridge ??