Skip to content

Latest commit

 

History

History
51 lines (35 loc) · 1.54 KB

auth.md

File metadata and controls

51 lines (35 loc) · 1.54 KB

Auth

By default, we're using cookies as a mock auth method. It's for trying out OpenGPTs. For production, we recommend using JWT auth, outlined below.

JWT Auth: Options

There are two ways to use JWT: Local and OIDC. The main difference is in how the key used to decode the JWT is obtained. For the Local method, you'll provide the decode key as a Base64-encoded string in an environment variable. For the OIDC method, the key is obtained from the OIDC provider automatically.

JWT OIDC

If you're looking to integrate with an identity provider, OIDC is the way to go. It will figure out the decode key for you, so you don't have to worry about it. Just set AUTH_TYPE=jwt_oidc along with the issuer and audience. Audience can be one or many - just separate them with commas.

export AUTH_TYPE=jwt_oidc
export JWT_ISS=<issuer>
export JWT_AUD=<audience>  # or <audience1>,<audience2>,...

JWT Local

To use JWT Local, set AUTH_TYPE=jwt_local. Then, set the issuer, audience, algorithm used to sign the JWT, and the decode key in Base64 format.

export AUTH_TYPE=jwt_local
export JWT_ISS=<issuer>
export JWT_AUD=<audience>
export JWT_ALG=<algorithm>  # e.g. ES256
export JWT_DECODE_KEY_B64=<base64_decode_key>

Base64 is used for the decode key because handling multiline strings in environment variables is error-prone. Base64 makes it a one-liner, easy to paste in and use.

Making Requests

To make authenticated requests, include the JWT in the Authorization header as a Bearer token:

Authorization: Bearer <JWT>