
Enable Auth in AGS (#5928)

## Why are these changes needed?

https://github.com/user-attachments/assets/b649053b-c377-40c7-aa51-ee64af766fc2

<img width="100%" alt="image" src="https://github.com/user-attachments/assets/03ba1df5-c9a2-4734-b6a2-0eb97ec0b0e0" />

## Authentication

This PR implements an experimental authentication feature to enable personalized experiences (multiple users). Currently, only GitHub authentication is supported. You can extend the base authentication class to add support for other authentication methods.

By default authentication is disabled and only enabled when you pass in the `--auth-config` argument when running the application.

### Enable GitHub Authentication

To enable GitHub authentication, create an `auth.yaml` file in your app directory:

```yaml
type: github
jwt_secret: "your-secret-key"
token_expiry_minutes: 60
github:
  client_id: "your-github-client-id"
  client_secret: "your-github-client-secret"
  callback_url: "http://localhost:8081/api/auth/callback"
  scopes: ["user:email"]
```

Please see the documentation on [GitHub OAuth](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authenticating-to-the-rest-api-with-an-oauth-app) for more details on obtaining the `client_id` and `client_secret`.

To pass in this configuration you can use the `--auth-config` argument when running the application:

```bash
autogenstudio ui --auth-config /path/to/auth.yaml
```

Or set the environment variable:

```bash
export AUTOGENSTUDIO_AUTH_CONFIG="/path/to/auth.yaml"
```

```{note}
- Authentication is currently experimental and may change in future releases
- User data is stored in your configured database
- When enabled, all API endpoints require authentication except for the authentication endpoints
- WebSocket connections require the token to be passed as a query parameter (`?token=your-jwt-token`)
```

## Related issue number

Closes #4350

## Checks

- [ ] I've included any doc changes needed for <https://microsoft.github.io/autogen/>. See <https://github.com/microsoft/autogen/blob/main/CONTRIBUTING.md> to build and test documentation locally.
- [ ] I've added tests (if relevant) corresponding to the changes introduced in this PR.
- [ ] I've made sure all auto checks have passed.

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-03-14 15:02:05 -07:00
```python
import os
from typing import Any, Dict, List, Literal, Optional, Union

from pydantic import BaseModel, Field, field_validator


class GithubAuthConfig(BaseModel):
    client_id: str
    client_secret: str
    callback_url: str
    scopes: List[str] = ["user:email"]


class MSALAuthConfig(BaseModel):
    tenant_id: str
    client_id: str
    client_secret: str
    callback_url: str
    scopes: List[str] = ["User.Read"]


class FirebaseAuthConfig(BaseModel):
    api_key: str
    auth_domain: str
    project_id: str


class AuthConfig(BaseModel):
    """Authentication configuration model for the application."""

    # "type" is declared first so it is already in info.data when the
    # validators for the later fields run.
    type: Literal["none", "github", "msal", "firebase"] = "none"

    # validate_default=True makes the validators below run even when the key
    # is omitted from the config; Pydantic v2 otherwise skips field validators
    # for fields left at their default, so a missing block or secret would
    # pass unnoticed.
    github: Optional[GithubAuthConfig] = Field(default=None, validate_default=True)
    msal: Optional[MSALAuthConfig] = Field(default=None, validate_default=True)
    firebase: Optional[FirebaseAuthConfig] = Field(default=None, validate_default=True)
    jwt_secret: Optional[str] = Field(default=None, validate_default=True)
    token_expiry_minutes: int = 60

    # Paths that are reachable without authentication.
    exclude_paths: List[str] = [
        "/",  # root for serving frontend
        "/api/health",
        "/api/version",
        "/api/auth/login-url",
        "/api/auth/callback-handler",
        "/api/auth/callback",
        "/api/auth/type",
    ]

    @field_validator("github")
    @classmethod
    def validate_github_config(cls, v, info):
        """Validate GitHub config is present when github type is selected."""
        values = info.data
        if values.get("type") == "github" and v is None:
            raise ValueError("GitHub configuration required when type is 'github'")
        return v

    @field_validator("msal")
    @classmethod
    def validate_msal_config(cls, v, info):
        """Validate MSAL config is present when msal type is selected."""
        values = info.data
        if values.get("type") == "msal" and v is None:
            raise ValueError("MSAL configuration required when type is 'msal'")
        return v

    @field_validator("firebase")
    @classmethod
    def validate_firebase_config(cls, v, info):
        """Validate Firebase config is present when firebase type is selected."""
        values = info.data
        if values.get("type") == "firebase" and v is None:
            raise ValueError("Firebase configuration required when type is 'firebase'")
        return v

    @field_validator("jwt_secret")
    @classmethod
    def validate_jwt_secret(cls, v, info):
        """Validate JWT secret is present for auth types other than 'none'."""
        values = info.data
        if values.get("type") != "none" and not v:
            raise ValueError("JWT secret is required for authentication")
        return v


class User(BaseModel):
    """User model for authenticated users."""

    id: str
    name: str
    email: Optional[str] = None
    avatar_url: Optional[str] = None
    provider: Optional[str] = None
    roles: List[str] = ["user"]
    metadata: Optional[Dict[str, Any]] = None
```
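Pydantic v2 does not run a `field_validator` on a field left at its default unless that field sets `validate_default=True`, which matters for presence checks such as the `jwt_secret` rule in `AuthConfig`. The following is an added example, not the project's code: `LooseAuth`, `StrictAuth`, `accepts` and the sample configs are hypothetical and constructed here to show an omitted key passing without the flag and being rejected with it.

```python
from typing import Literal, Optional

from pydantic import BaseModel, Field, ValidationError, field_validator


def _require_secret(v, info):
    # Same rule as AuthConfig.validate_jwt_secret on the page.
    if info.data.get("type") != "none" and not v:
        raise ValueError("JWT secret is required for authentication")
    return v


class LooseAuth(BaseModel):
    """Hypothetical model: validator runs only on values that were supplied."""
    type: Literal["none", "github"] = "none"
    jwt_secret: Optional[str] = None

    @field_validator("jwt_secret")
    @classmethod
    def check_secret(cls, v, info):
        return _require_secret(v, info)


class StrictAuth(BaseModel):
    """Hypothetical model: validate_default=True also checks the default."""
    type: Literal["none", "github"] = "none"
    jwt_secret: Optional[str] = Field(default=None, validate_default=True)

    @field_validator("jwt_secret")
    @classmethod
    def check_secret(cls, v, info):
        return _require_secret(v, info)


def accepts(model, cfg: dict) -> bool:
    """Return True if cfg validates against model."""
    try:
        model.model_validate(cfg)
        return True
    except ValidationError:
        return False


# Constructed sample configs, as they would look after parsing auth.yaml.
OMITTED = {"type": "github"}                            # key missing entirely
EXPLICIT_NULL = {"type": "github", "jwt_secret": None}  # key present, null
GOOD = {"type": "github", "jwt_secret": "constructed-sample-secret"}
DISABLED = {"type": "none"}
```

A unit test that loads a config with the `jwt_secret` key deleted, not merely set to null, is the check that catches this class of gap.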