Asana auth provider

The Asana auth provider enables tools and agents to call Asana APIs on behalf of a user. Behind the scenes, the Arcade Engine and the Asana auth provider seamlessly manage Asana OAuth 2.0 authorization for your users.

Want to quickly get started with Asana services in your agent or AI app? The pre-built Arcade Asana toolkit is what you want!

What’s documented here

This page describes how to use and configure Asana auth with Arcade.

This auth provider is used by:

Use Arcade’s Default Asana Auth Provider

Arcade offers a default Asana auth provider that you can use in the Arcade Cloud. In this case, your users will see Arcade as the name of the application that’s requesting permission.

If you choose to use Arcade’s Asana auth, you don’t need to configure anything. Follow the Asana toolkit examples to get started calling Asana tools.

Use Your Own Asana App Credentials

In a production environment, you will most likely want to use your own Asana app credentials. This way, your users will see your application’s name requesting permission.

You can use your own Asana credentials in both the Arcade Cloud and in a self-hosted Arcade Engine instance.

Before showing how to configure your Asana app credentials, let’s go through the steps to create an Asana app.

Create an Asana App

Follow the documentation on Building an App with Asana. You may create a developer sandbox account to test your app before moving to production.

When creating your app, use the following settings:

  • Set an appropriate App name, description and icon. This will be visible to your users authorizing access to your app.
  • Take note of the Client ID and Client Secret.
  • In the OAuth settings:
    • Under “Redirect URLs”, click Add Redirect URL and add https://cloud.arcade.dev/api/v1/oauth/callback.
    • Under “Permission Scopes”, select “Full Permissions”
  • In the “App Listing Details” section, optionally add more information about your app.
  • In the “Manage Distribution” section, under “Choose a distribution method”, select “Any workspace”.
  • Optionally, submit your app for the Asana team review.

Asana recently introduced granular permission scopes. This feature is still in preview and the scopes available at the moment do not include all endpoints/actions that the Asana Toolkit needs. For those reasons, Arcade uses the “Full Permissions” scope.

Configuring your own Asana Auth Provider in Arcade

There are two ways to configure your Asana app credentials in Arcade:

  1. From the Arcade Dashboard GUI
  2. By editing the engine.yaml file directly (only possible with a self-hosted Arcade Engine)

We show both options step-by-step below.

Configure Asana Auth Using the Arcade Dashboard GUI

Access the Arcade Dashboard

To access the Arcade Cloud dashboard, go to api.arcade.dev/dashboard. If you are self-hosting, by default the dashboard will be available at http://localhost:9099/dashboard. Adjust the host and port number to match your environment.

  • Under the OAuth section of the Arcade Dashboard left-side menu, click Providers.
  • Click Add OAuth Provider in the top right corner.
  • Select the Included Providers tab at the top.
  • In the Provider dropdown, select Asana.

Enter the provider details

  • Choose a unique ID for your provider (e.g. “my-asana-provider”).
  • Optionally enter a Description.
  • Enter the Client ID and Client Secret from your Asana app.

Create the provider

Hit the Create button and the provider will be ready to be used in the Arcade Engine.

When you use tools that require Asana auth using your Arcade account credentials, the Arcade Engine will automatically use this Asana OAuth provider. If you have multiple Asana providers, see using multiple auth providers of the same type for more information.

Using the Arcade Asana Toolkit

The Arcade Asana toolkit provides tools to interact with various Asana objects, such as tasks, projects, teams, and users.

Refer to the toolkit documentation and examples to learn how to use the toolkit to build agents and AI apps that interact with Asana services.

Using Asana auth in app code

Use the Asana auth provider in your own agents and AI apps to get a user-scoped token for the Asana API. See authorizing agents with Arcade to understand how this works.

Use client.auth.start() to get a user token for the Asana API:

As explained above, the Asana granular permission scopes are in preview and not yet supported. The "default" scope should be used to authorize any action/endpoint you need to call in the Asana API.

If you are self-hosting Arcade, change the base_url parameter in the Arcade constructor to match your Arcade Engine URL. By default, the Engine will be available at http://localhost:9099.

from arcadepy import Arcade
 
client = Arcade(base_url="https://api.arcade.dev")  # Automatically finds the `ARCADE_API_KEY` env variable
 
user_id = "user@example.com"
 
# Start the authorization process
auth_response = client.auth.start(
    user_id=user_id,
    provider="asana",
    scopes=["default"],
)
 
if auth_response.status != "completed":
    print("Please complete the authorization challenge in your browser:")
    print(auth_response.url)
 
# Wait for the authorization to complete
auth_response = client.auth.wait_for_completion(auth_response)
 
# Do something interesting with the token...
auth_token = auth_response.context.token

You can use the auth token to call the Get multiple tasks endpoint and read information about tasks, for example. Any Asana API endpoint can be called with the auth token.

Using Asana auth in custom tools

You can use the pre-built Arcade Asana toolkit to quickly build agents and AI apps that interact with Asana.

If the pre-built tools in the Asana toolkit don’t meet your needs, you can author your own custom tools that interact with Asana API.

Use the Asana() auth class to specify that a tool requires authorization with Asana. The authentication token needed to call the Asana API is available in the tool context through the context.get_auth_token_or_empty() method.

As explained above, the Asana granular permission scopes are in preview and not yet supported. The "default" scope should be used as the only scope in all tools.

from typing import Annotated
 
import httpx
 
from arcade.sdk import ToolContext, tool
from arcade.sdk.auth import Asana
 
 
@tool(requires_auth=Asana(scopes=["default"]))
async def delete_task(
    context: ToolContext,
    task_id: Annotated[str, "The ID of the task to delete."],
) -> Annotated[dict, "Details of the deletion response"]:
    """Deletes a task."""
    url = f"https://api.asana.com/api/1.0/tasks/{task_id}"
    headers = {
        "Authorization": f"Bearer {context.get_auth_token_or_empty()}",
        "Accept": "application/json",
    }
 
    async with httpx.AsyncClient() as client:
        response = await client.delete(url, headers=headers)
        response.raise_for_status()
        return response.json()

If you are self-hosting Arcade, you will need to restart the Arcade Worker and the Engine for the new tool to be available.

Your new tool can be called like demonstrated below:

If you are self-hosting, change the base_url parameter in the Arcade constructor to match your Arcade Engine URL. By default, the Engine will be available at http://localhost:9099.

from arcadepy import Arcade
 
client = Arcade(base_url="https://api.arcade.dev")  # Automatically finds the `ARCADE_API_KEY` env variable
 
USER_ID = "user@example.com"
TOOL_NAME = "Asana.DeleteTask"
 
auth_response = client.tools.authorize(tool_name=TOOL_NAME, user_id=USER_ID)
 
if auth_response.status != "completed":
    print(f"Click this link to authorize: {auth_response.url}")
 
# Wait for the authorization to complete
client.auth.wait_for_completion(auth_response)
 
tool_input = {
    "task_id": "1234567890",
}
 
response = client.tools.execute(
    tool_name=TOOL_NAME,
    input=tool_input,
    user_id=USER_ID,
)
print(response.output.value)