> ## Documentation Index
> Fetch the complete documentation index at: https://tbd-6fc993ce-cj-profile-state.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Get auth connection

> Retrieve an auth connection by its ID. Includes current flow state if a login is in progress.



## OpenAPI

````yaml https://app.stainless.com/api/spec/documented/kernel/openapi.documented.yml get /auth/connections/{id}
openapi: 3.1.0
info:
  title: Kernel API
  description: Developer tools and cloud infrastructure for AI agents to use web browsers
  version: 0.1.0
servers:
  - url: https://api.onkernel.com
    description: API Server
security:
  - bearerAuth: []
tags:
  - name: Browsers
    description: Create and manage browser sessions.
  - name: Browser Replays
    description: Record and manage browser session video replays.
  - name: Profiles
    description: Create, list, retrieve, and delete browser profiles.
  - name: Browser Filesystem
    description: Read, write, and manage files on the browser instance.
  - name: Browser Computer Controls
    description: Control mouse, keyboard, and screen on the browser instance.
  - name: Browser Playwright
    description: Execute Playwright code against the browser instance.
  - name: Browser Processes
    description: Execute and manage processes on the browser instance.
  - name: Browser Logs
    description: Stream logs from the browser instance.
  - name: Extensions
    description: Create, list, retrieve, and delete browser extensions.
  - name: Proxies
    description: Create and manage proxy configurations for routing browser traffic.
  - name: Browser Pools
    description: Create and manage browser pools for acquiring and releasing browsers.
  - name: Managed Auth
    description: >-
      Create and manage auth connections for automated credential capture and
      login.
  - name: Credentials
    description: Create and manage credentials for authentication.
  - name: Credential Providers
    description: Configure external credential providers like 1Password.
  - name: Apps
    description: List applications and versions.
  - name: Deployments
    description: Create and manage app deployments and stream deployment events.
  - name: Invocations
    description: Invoke actions and stream or query invocation status and events.
paths:
  /auth/connections/{id}:
    get:
      tags:
        - Managed Auth
      summary: Get auth connection
      description: >-
        Retrieve an auth connection by its ID. Includes current flow state if a
        login is in progress.
      operationId: getAuthConnectionsById
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
          description: Auth connection ID
      responses:
        '200':
          description: Auth connection details
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ManagedAuth'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: JavaScript
          source: |-
            import Kernel from '@onkernel/sdk';

            const client = new Kernel({
              apiKey: process.env['KERNEL_API_KEY'], // This is the default and can be omitted
            });

            const managedAuth = await client.auth.connections.retrieve('id');

            console.log(managedAuth.id);
        - lang: Python
          source: |-
            import os
            from kernel import Kernel

            client = Kernel(
                api_key=os.environ.get("KERNEL_API_KEY"),  # This is the default and can be omitted
            )
            managed_auth = client.auth.connections.retrieve(
                "id",
            )
            print(managed_auth.id)
        - lang: Go
          source: "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/kernel/kernel-go-sdk\"\n\t\"github.com/kernel/kernel-go-sdk/option\"\n)\n\nfunc main() {\n\tclient := kernel.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\tmanagedAuth, err := client.Auth.Connections.Get(context.TODO(), \"id\")\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\tfmt.Printf(\"%+v\\n\", managedAuth.ID)\n}\n"
components:
  schemas:
    ManagedAuth:
      type: object
      description: >-
        Managed authentication that keeps a profile logged into a specific
        domain. Flow fields (flow_status, flow_step, discovered_fields,
        mfa_options) reflect the most recent login flow and are null when no
        flow has been initiated.
      required:
        - id
        - profile_name
        - domain
        - status
        - save_credentials
      properties:
        id:
          type: string
          description: Unique identifier for the auth connection
          example: ma_abc123xyz
        profile_name:
          type: string
          description: Name of the profile associated with this auth connection
          example: my-netflix-profile
        domain:
          type: string
          description: Target domain for authentication
          example: netflix.com
        status:
          type: string
          enum:
            - AUTHENTICATED
            - NEEDS_AUTH
          description: Current authentication status of the managed profile
          example: AUTHENTICATED
        last_auth_at:
          type: string
          format: date-time
          description: When the profile was last successfully authenticated
          example: '2025-01-15T10:30:00Z'
        credential:
          $ref: '#/components/schemas/CredentialReference'
        can_reauth:
          type: boolean
          description: >-
            Whether automatic re-authentication is possible (has credential,
            selectors, and login_url)
          example: true
        can_reauth_reason:
          type: string
          description: Reason why automatic re-authentication is or is not possible
          example: has_credential
        proxy_id:
          type: string
          description: ID of the proxy associated with this connection, if any.
        allowed_domains:
          type: array
          items:
            type: string
          description: >
            Additional domains that are valid for this auth flow (besides the
            primary domain). Useful when login pages redirect to different
            domains.


            The following SSO/OAuth provider domains are automatically allowed
            by default and do not need to be specified:

            - Google: accounts.google.com

            - Microsoft/Azure AD: login.microsoftonline.com, login.live.com

            - Okta: *.okta.com, *.oktapreview.com

            - Auth0: *.auth0.com, *.us.auth0.com, *.eu.auth0.com, *.au.auth0.com

            - Apple: appleid.apple.com

            - GitHub: github.com

            - Facebook/Meta: www.facebook.com

            - LinkedIn: www.linkedin.com

            - Amazon Cognito: *.amazoncognito.com

            - OneLogin: *.onelogin.com

            - Ping Identity: *.pingone.com, *.pingidentity.com
          example:
            - login.netflix.com
            - auth.netflix.com
        post_login_url:
          type: string
          format: uri
          description: URL where the browser landed after successful login
          example: https://www.netflix.com/browse
        flow_status:
          type: string
          enum:
            - IN_PROGRESS
            - SUCCESS
            - FAILED
            - EXPIRED
            - CANCELED
          nullable: true
          description: Current flow status (null when no flow in progress)
          example: IN_PROGRESS
        flow_step:
          type: string
          enum:
            - DISCOVERING
            - AWAITING_INPUT
            - AWAITING_EXTERNAL_ACTION
            - SUBMITTING
            - COMPLETED
          nullable: true
          description: Current step in the flow (null when no flow in progress)
          example: AWAITING_INPUT
        flow_type:
          type: string
          enum:
            - LOGIN
            - REAUTH
          nullable: true
          description: Type of the current flow (null when no flow in progress)
          example: LOGIN
        flow_expires_at:
          type: string
          format: date-time
          nullable: true
          description: When the current flow expires (null when no flow in progress)
          example: '2025-11-05T20:00:00Z'
        discovered_fields:
          type: array
          nullable: true
          description: Fields awaiting input (present when flow_step=awaiting_input)
          items:
            $ref: '#/components/schemas/DiscoveredField'
        mfa_options:
          type: array
          nullable: true
          description: >-
            MFA method options (present when flow_step=awaiting_input and MFA
            selection required)
          items:
            $ref: '#/components/schemas/MFAOption'
        pending_sso_buttons:
          type: array
          nullable: true
          description: SSO buttons available (present when flow_step=awaiting_input)
          items:
            $ref: '#/components/schemas/SSOButton'
        external_action_message:
          type: string
          nullable: true
          description: >-
            Instructions for external action (present when
            flow_step=awaiting_external_action)
          example: Tap 'Yes' on the Google prompt on your phone
        website_error:
          type: string
          nullable: true
          description: >-
            Visible error message from the website (e.g., 'Incorrect password').
            Present when the website displays an error during login.
        sso_provider:
          type: string
          nullable: true
          description: SSO provider being used (e.g., google, github, microsoft)
          example: google
        error_message:
          type: string
          nullable: true
          description: Error message (present when flow_status=failed)
          example: Invalid password
        hosted_url:
          type: string
          format: uri
          nullable: true
          description: >-
            URL to redirect user to for hosted login (present when flow in
            progress)
          example: https://auth.kernel.com/login/abc123xyz
        live_view_url:
          type: string
          format: uri
          nullable: true
          description: Browser live view URL for debugging (present when flow in progress)
          example: https://live.kernel.com/abc123xyz
        health_check_interval:
          type: integer
          nullable: true
          minimum: 300
          maximum: 86400
          description: >
            Interval in seconds between automatic health checks. When set, the
            system periodically

            verifies the authentication status and triggers re-authentication if
            needed.

            Maximum is 86400 (24 hours). Default is 3600 (1 hour). The minimum
            depends on your plan:

            Enterprise: 300 (5 minutes), Startup: 1200 (20 minutes), Hobbyist:
            3600 (1 hour).
          example: 3600
        save_credentials:
          type: boolean
          description: >-
            Whether credentials are saved after every successful login. One-time
            codes (TOTP, SMS, etc.) are not saved.
          example: true
      additionalProperties: false
    CredentialReference:
      type: object
      description: |
        Reference to credentials for the auth connection. Use one of:
        - { name } for Kernel credentials
        - { provider, path } for external provider item
        - { provider, auto: true } for external provider domain lookup
      properties:
        name:
          type: string
          description: Kernel credential name
          example: my-netflix-creds
        provider:
          type: string
          description: External provider name (e.g., "my-1p")
          example: my-1p
        path:
          type: string
          description: Provider-specific path (e.g., "VaultName/ItemName" for 1Password)
          example: Personal/Netflix
        auto:
          type: boolean
          description: If true, lookup by domain from the specified provider
          example: true
      additionalProperties: false
    DiscoveredField:
      type: object
      description: A discovered form field
      properties:
        name:
          type: string
          description: Field name
          example: email
        type:
          type: string
          enum:
            - text
            - email
            - password
            - tel
            - number
            - url
            - code
            - totp
          description: Field type
          example: email
        label:
          type: string
          description: Field label
          example: Email address
        placeholder:
          type: string
          description: Field placeholder
          example: you@example.com
        required:
          type: boolean
          description: Whether field is required
          default: true
          example: true
        selector:
          type: string
          description: CSS selector for the field
          example: input#email
        linked_mfa_type:
          $ref: '#/components/schemas/MFAType'
          nullable: true
          description: >-
            If this field is associated with an MFA option, the type of that
            option (e.g., password field linked to "Enter password" option)
      required:
        - name
        - type
        - label
        - selector
      additionalProperties: false
    MFAOption:
      type: object
      description: An MFA method option for verification
      properties:
        type:
          $ref: '#/components/schemas/MFAType'
        label:
          type: string
          description: The visible option text
          example: Text me a code
        target:
          type: string
          nullable: true
          description: The masked destination (phone/email) if shown
          example: '***-***-5678'
        description:
          type: string
          nullable: true
          description: Additional instructions from the site
          example: We'll send a 6-digit code to your phone
      required:
        - type
        - label
      additionalProperties: false
    SSOButton:
      type: object
      description: An SSO button for signing in with an external identity provider
      properties:
        selector:
          type: string
          description: XPath selector for the button
          example: xpath=//button[contains(text(), 'Continue with Google')]
        provider:
          type: string
          description: Identity provider name
          example: google
        label:
          type: string
          description: Visible button text
          example: Continue with Google
      required:
        - selector
        - provider
        - label
      additionalProperties: false
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Application-specific error code (machine-readable)
          example: bad_request
        message:
          type: string
          description: Human-readable error description for debugging
          example: 'Missing required field: app_name'
        details:
          type: array
          description: Additional error details (for multiple errors)
          items:
            $ref: '#/components/schemas/ErrorDetail'
        inner_error:
          $ref: '#/components/schemas/ErrorDetail'
    MFAType:
      type: string
      enum:
        - sms
        - call
        - email
        - totp
        - push
        - password
      description: >-
        The MFA delivery method type (includes password for auth method
        selection pages)
      example: sms
    ErrorDetail:
      type: object
      properties:
        code:
          type: string
          description: Lower-level error code providing more specific detail
          example: invalid_input
        message:
          type: string
          description: Further detail about the error
          example: Provided version string is not semver compliant
  responses:
    Unauthorized:
      description: Unauthorized – missing or invalid authorization token
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: Internal Server Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````