Open kientv opened 1 month ago
hmm not possible for now, something we plan on roadmap
Hi, I've a similar request here #227 and I've made PR #226 which introduces this kind of functionality. I our case we a portal that users log into and then they see the bot. The portal is protected by an OAuth flow. With our addition we can now push down that JTW token to the API by injecting it into the http request before it got sent.
sequenceDiagram
participant User
participant API Gateway
participant Identity Server
participant FlowiseAI API
User->>Identity Server: OAuth dance to get JWT token
Identity Server-->>User: Get JWT Token and store in Browser
User->>API Gateway: GET /api/ai/* (JWT injected in header)
Note right of API Gateway: API Gateway validates JWT
API Gateway-->>FlowiseAI API: Forward request unauthenticated
FlowiseAI API-->>API Gateway: Response
API Gateway-->>User: Response
What's oauth2 grant type do you use in myIdentityApi.getCredencial()
In our case we have integrated it within our Backstage portal. Backstage provides a way to get the JWT token clientside. Other sites might store it in local storage. It really depends on the framework you are using.
In Backstage the auth flow is consent and refresh flow: https://backstage.io/docs/auth/oauth
Could we restrict chat user by personal token (API key) or username, password . Do not want to public bot in the internet