feat: introduce OAuth2TokenAuthProvider and notion of "principal" (#2185)

mirror of https://github.com/meta-llama/llama-stack.git synced 2025-12-06 02:30:58 +00:00

This PR adds a notion of `principal` (aka some kind of persistent
identity) to the authentication infrastructure of the Stack. Until now
we only used access attributes ("claims" in the more standard OAuth /
OIDC setup) but we need the notion of a User fundamentally as well.
(Thanks @rhuss for bringing this up.)

This value is not yet _used_ anywhere downstream but will be used to
segregate access to resources.

In addition, the PR introduces a built-in JWT token validator so the
Stack does not need to contact an authentication provider to validating
the authorization and merely check the signed token for the represented
claims. Public keys are refreshed via the configured JWKS server. This
Auth Provider should overwhelmingly be considered the default given the
seamless integration it offers with OAuth setups.

This commit is contained in:

Ashwin Bharambe

2025-05-18 17:54:19 -07:00

• committed by

GitHub

parent 1341916caf

commit c7015d3d60

No known key found for this signature in database

GPG key ID: B5690EEEBB952194

6 changed files with 2551 additions and 2257 deletions

									
										1

pyproject.toml
									
										View file
										
				@ -31,6 +31,7 @@ dependencies = [

				    "openai>=1.66",

				    "prompt-toolkit",

				    "python-dotenv",

				    "python-jose",

				    "pydantic>=2",

				    "requests",

				    "rich",

Rows
Columns

feat: introduce OAuth2TokenAuthProvider and notion of "principal" (#2185)

1 pyproject.toml Unescape Escape View file

1

pyproject.toml

View file