Collect credentials via Kernel’s hosted page, then use the authenticated session in your automations. This is the recommended approach for most applications.
Use the Hosted UI when:
- You need users to provide their credentials
- You want the simplest integration with minimal code
- You want Kernel to handle 2FA and multi-step login flows
Getting started
1. Create a Connection
A Managed Auth Connection links a profile to a domain you want to keep authenticated.
const auth = await kernel.auth.connections.create({
domain: 'linkedin.com',
profile_name: 'linkedin-profile',
});
2. Start a Login Session
Start a Managed Auth Session to get the hosted login URL.
const login = await kernel.auth.connections.login(auth.id);
3. Collect Credentials
Send the user to the hosted login page:
window.location.href = login.hosted_url;
- See the login page for the target website
- Enter their credentials
- Complete 2FA if needed
4. Poll for Completion
On your backend, poll until authentication completes:
let state = await kernel.auth.connections.retrieve(auth.id);
while (state.flow_status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.auth.connections.retrieve(auth.id);
}
if (state.status === 'AUTHENTICATED') {
console.log('Authentication successful!');
}
Poll every 2 seconds. The session expires after 5 minutes if not completed.
5. Use the Profile
Create browsers with the profile and navigate to the site—the session is already authenticated:
const browser = await kernel.browsers.create({
profile: { name: 'linkedin-profile' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://linkedin.com');
Use stealth: true when creating browsers for authenticated sessions.
Complete Example
import Kernel from '@onkernel/sdk';
const kernel = new Kernel();
// Create connection
const auth = await kernel.auth.connections.create({
domain: 'doordash.com',
profile_name: 'doordash-user-123',
});
// Start authentication
const login = await kernel.auth.connections.login(auth.id);
// Send user to hosted page
console.log('Login URL:', login.hosted_url);
// Poll for completion
let state = await kernel.auth.connections.retrieve(auth.id);
while (state.flow_status === 'IN_PROGRESS') {
await new Promise(r => setTimeout(r, 2000));
state = await kernel.auth.connections.retrieve(auth.id);
}
if (state.status === 'AUTHENTICATED') {
const browser = await kernel.browsers.create({
profile: { name: 'doordash-user-123' },
stealth: true,
});
// Navigate to the site—you're already logged in
await page.goto('https://doordash.com');
}
Adding Features
The basic flow above gets you started. Add these features as needed:
Credentials and Auto-Reauth
Credentials are saved automatically on successful login, enabling automatic re-authentication when the session expires—no user interaction needed.
To opt out of credential saving, set save_credentials: false when creating the connection. See Credentials for more on automated authentication.
Custom Login URL
If the site’s login page isn’t at the default location, specify it when creating the connection:
const auth = await kernel.auth.connections.create({
domain: 'example.com',
profile_name: 'my-profile',
login_url: 'https://example.com/auth/signin',
});
SSO/OAuth Support
For sites with “Sign in with Google/GitHub/Microsoft”, add the OAuth provider’s domains to allowed_domains:
const auth = await kernel.auth.connections.create({
domain: 'example.com',
profile_name: 'my-profile',
allowed_domains: ['accounts.google.com', 'google.com'],
});
Post-Login URL
After successful authentication, retrieve the connection to get post_login_url—the page where the login landed. Use this to start your automation from the right place:
const managedAuth = await kernel.auth.connections.retrieve(auth.id);
if (managedAuth.post_login_url) {
await page.goto(managedAuth.post_login_url);
// Start automation from the dashboard/home page
}
