genai-toolbox/docs/authSources
Wenxin Du 8ca7e91240 docs: Add auth source docs (#132)
Add authsources and authenticated parameter docs. Format some other .md
docs.

---------

Co-authored-by: Kurtis Van Gent <31518063+kurtisvg@users.noreply.github.com>
2024-12-17 13:49:43 -05:00

AuthSources

AuthSources represent authentication sources that a tool can interact with. Toolbox supports authentication providers that conform to the OpenID Connect (OIDC) protocol. You can define Auth Sources as a map in the authSources section of your tools.yaml file. Typically, an Auth Source is required for the following features:

Example

authSources:
  my-google-auth:
    kind: google
    clientId: YOUR_GOOGLE_CLIENT_ID

Tip: If you are accessing Toolbox with multiple applications, each application should register its own Client ID, even if they all use the same kind of auth provider.

Kinds of authSources

We currently support the following kinds of authSources:

  • Google OAuth 2.0 - Authenticate with a Google-signed OpenID Connect (OIDC) ID token.

ID Token

The OIDC authentication workflow transmits user information with ID tokens. ID tokens are JSON Web Tokens (JWTs) that are composed of a set of key-value pairs called claims. ID tokens can include claims such as user ID, user name, user emails, etc. After specifying authSources, you can configure your tool's authenticated parameters by following this guide.
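The claims are what tie an ID token to one application: under OIDC, the `aud` claim must equal the relying party's client ID, which is why the tip above asks for a Client ID per application. The sketch below is an added example, not Toolbox's own code; `CheckClaims` and `SampleToken` are hypothetical names, the client IDs and e-mail are constructed, and signature verification against Google's published keys is assumed to happen separately.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)
// Claims is the subset of ID-token claims inspected here.
type Claims struct {
	Iss   string `json:"iss"`
	Aud   string `json:"aud"` // Google ID tokens carry one audience string
	Email string `json:"email"`
	Exp   int64  `json:"exp"`
}
// CheckClaims decodes a compact JWT payload and checks iss, aud and exp.
// It does not verify the signature, which must pass before claims are trusted.
func CheckClaims(token, clientID string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT")
	}
	var c Claims
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	switch {
	case err != nil:
		return nil, fmt.Errorf("payload: %w", err)
	case c.Iss != "https://accounts.google.com" && c.Iss != "accounts.google.com":
		return nil, fmt.Errorf("unexpected issuer %q", c.Iss)
	case c.Aud != clientID:
		return nil, fmt.Errorf("aud %q does not match clientId", c.Aud)
	case now.Unix() >= c.Exp:
		return nil, fmt.Errorf("token expired")
	}
	return &c, nil
}
// SampleToken builds a constructed token with a placeholder signature.
func SampleToken(aud string, exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	p, _ := json.Marshal(Claims{"https://accounts.google.com", aud, "user@example.com", exp})
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc(p) + "." + enc([]byte("sig"))
}
func main() {
	_, err := CheckClaims(SampleToken("app-a-client-id", 1700003600), "app-b-client-id", time.Unix(1700000000, 0))
	fmt.Println(err)
}
```

A token minted for application A is rejected when checked against application B's clientId, so sharing one Client ID across applications would remove that separation.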

Usage

AuthSources can be used for both authorization and authentication:

  • Authorization verifies that a Tool invocation request includes the necessary authentication token. Add an authorization layer to your Tool calling by configuring the authorized Tool call.
  • Authentication verifies the user's identity in a Tool's query to the database. Configure authenticated parameters to auto-populate your Tool parameters from user login info.

After configuring your authSources, use the Toolbox Client SDK to add your ID tokens to the header of a Tool invocation request.