From c52819d47caafc7a38fcd752db2d324242b7b96e Mon Sep 17 00:00:00 2001
From: Krrish Dholakia
Date: Mon, 1 Apr 2024 18:52:00 -0700
Subject: [PATCH] fix(proxy_server.py): don't require scope for team-based jwt access

If team with the client_id exists then it should be allowed to make a request, if it doesn't then as we discussed it should return an error
---
 docs/my-website/docs/proxy/token_auth.md | 2 +-
 litellm/proxy/proxy_server.py | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)
diff --git a/docs/my-website/docs/proxy/token_auth.md b/docs/my-website/docs/proxy/token_auth.md
index 588c7a00e8..40ac235233 100644
--- a/docs/my-website/docs/proxy/token_auth.md
+++ b/docs/my-website/docs/proxy/token_auth.md
@@ -149,7 +149,7 @@ general_settings:
 enable_jwt_auth: True
 litellm_jwtauth:
 ...
- team_jwt_scope: "litellm-team" # 👈 Set JWT Scope string
+ team_id_jwt_field: "litellm-team" # 👈 Set field in the JWT token that stores the team ID
 team_allowed_routes: ["/v1/chat/completions"] # 👈 Set accepted routes
 ```
diff --git a/litellm/proxy/proxy_server.py b/litellm/proxy/proxy_server.py
index 0f2738dfb9..cc4dd5c74e 100644
--- a/litellm/proxy/proxy_server.py
+++ b/litellm/proxy/proxy_server.py
@@ -385,12 +385,6 @@ async def user_api_key_auth(
 raise Exception(
 f"Admin not allowed to access this route. Route={route}, Allowed Routes={actual_routes}"
 )
- # check if team in scopes
- is_team = jwt_handler.is_team(scopes=scopes)
- if is_team == False:
- raise Exception(
- f"Missing both Admin and Team scopes from token. Either is required. Admin Scope={jwt_handler.litellm_jwtauth.admin_jwt_scope}, Team Scope={jwt_handler.litellm_jwtauth.team_jwt_scope}"
- )
 # get team id
 team_id = jwt_handler.get_team_id(token=valid_token, default_value=None)
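Review bot: With the `is_team` scope check gone, every validly signed non-admin token in `user_api_key_auth` now reaches `team_id = jwt_handler.get_team_id(token=valid_token, default_value=None)`, so access rests entirely on what happens to that value, and that handling lies outside this hunk. The commit message promises an error when no matching team exists, but nothing visible here rejects a token that has no team id field at all. I would add an explicit fail-closed guard right after the lookup, `if team_id is None: raise Exception("No team id found in token")`, rather than rely on a later lookup happening to fail. The removed error message read `team_jwt_scope`, while the docs hunk now names `team_id_jwt_field`, so deployments that still set the old key presumably lose a restriction they expect; a changelog line or startup warning would cover that. A test with a valid token lacking the team claim and one naming a non-existent team, both expecting rejection, would pin the behaviour.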