search

defenseunicorns / leapfrogai

Production-ready Generative AI for local, cloud native, airgap, and edge deployments.
https://leapfrog.ai
Apache License 2.0
245 stars 25 forks source link

feat(api) Session Authentication via API #576

Closed barronstone closed 3 weeks ago

barronstone commented 1 month ago

User Story

As a Third-Party application using LeapfrogAI's API I want to receive a session authentication token via the API So that I can securely access LeapfrogAI via the API.

Acceptance Criteria

Given I make an authenticated call to the LeapfrogAI API to create a session auth token. When I use the auth token to make calls to the API. Then authentication and RLS works as it does when I use a Supabase JWT access token.

Describe alternatives you've considered

There is another open issue for Long Lived API Keys. We need to decide if it makes sense to implement session authentication, long-lived keys, or both.

Additional context

Add any other context or screenshots about the feature request here.

barronstone commented 3 weeks ago

Developers can currently query Supabase to get a short-lived session token, so this issue is no longer needed. We will implement the ability to generate long-lived keys via the API with issue https://github.com/defenseunicorns/leapfrogai/issues/561