LangStream Documentation
Langstream.aiLangStream GitHub RepoChangelog
  • LangStream Documentation
  • ❀️Langstream.ai
  • ⭐LangStream GitHub Repo
  • πŸ“œChangelog
  • about
    • What is LangStream?
    • License
  • Get Started
  • installation
    • LangStream CLI
    • Docker
    • Minikube (mini-langstream)
    • Kubernetes
    • Build and install from source
  • Building Applications
    • Vector Databases
    • Application structure
      • Pipelines
      • Instances
      • Configuration
      • Topics
      • Assets
      • Secrets
      • YAML templating
      • Error Handling
      • Stateful agents
      • .langstreamignore
    • Sample App
    • Develop, test and deploy
    • Application Lifecycle
    • Expression Language
    • API Gateways
      • Websocket
      • HTTP
      • Message filtering
      • Gateway authentication
    • API Reference
      • Agents
      • Resources
      • Assets
  • LangStream CLI
    • CLI Commands
    • CLI Configuration
    • Web interface
  • Integrations
    • Large Language Models (LLMs)
      • OpenAI
      • Hugging Face
      • Google Vertex AI
      • Amazon Bedrock
      • Ollama
    • Data storage
      • Astra Vector DB
      • Astra
      • Cassandra
      • Pinecone
      • Milvus
      • Solr
      • JDBC
      • OpenSearch
    • Integrations
      • Apache Kafka Connect
      • Apache Camel
    • LangServe
  • Pipeline Agents
    • Agent Messaging
    • Builtin agents
      • Input & Output
        • webcrawler-source
        • s3-source
        • azure-blob-storage-source
        • sink
        • vector-db-sink
        • camel-source
      • AI Agents
        • ai-chat-completions
        • ai-text-completions
        • compute-ai-embeddings
        • flare-controller
      • Text Processors
        • document-to-json
        • language-detector
        • query
        • query-vector-db
        • re-rank
        • text-normaliser
        • text-extractor
        • text-splitter
        • http-request
      • Data Transform
        • cast
        • compute
        • drop
        • drop-fields
        • merge-key-value
        • unwrap-key-value
      • Flow control
        • dispatch
        • timer-source
        • trigger-event
    • Custom Agents
      • Python sink
      • Python source
      • Python processor
      • Python service
    • Agent Developer Guide
      • Agent Types
      • Agent Creation
      • Configuration and Testing
      • Environment variables
  • Messaging
    • Messaging
      • Apache Pulsar
      • Apache Kafka
      • Pravega.io
  • Patterns
    • RAG pattern
    • FLARE pattern
  • Examples
    • LangServe chatbot
    • LlamaIndex Cassandra sink
Powered by GitBook
On this page
  • Example gateways.yaml
  • Configuration
Edit on GitHub
  1. Building Applications
  2. API Gateways

Gateway authentication

PreviousMessage filteringNextAPI Reference

Last updated 1 year ago

You can require authentication when someone attempts a connection to produce, consume, and chat gateways.

To fully implement this, there is quite a bit left up to the developer. The focus of gateway authentication is to provide transportation and validation. An identity provider facilitates authentication through a series of handshakes based on a provided token. Someone wanting to produce or consume a message provides an id that was created by the identity provider. The gateway handshakes with the identity provider using the provided token. Use parameters, headers, and clientId to configure the gateway to successfully handshake.

application provides more explanation and a working example.

Example gateways.yaml

This gateway manifest is selectively adding authentication to the user-input and bot-output gateways.

The gateways are filtering messages by two key-value pairs in the message headers: the sessionID parameter value, and the "subject" value from the langstream-client-user-id key.sessionId is a UUID generated by the CLI at runtime. Here, let's assume sessionId=123.

value-from-parameters defines what value is being used for filtering. Since it's sessionId, the sessionId value is 123.

Once a parameter is defined for a gateway, that parameter is required for every subsequent connection.

The producer will produce to the questions-topic with two header values:

  1. langstream-client-session-id,with the arbitrary value "123" from the gateway parameters

  2. langstream-client-user-id with the "subject" value from Google authentication

The consumer will watch for messages with these values in the headers on the questions-topic.

gateways:
  - id: "user-input"
    type: produce
    topic: "questions-topic"
    parameters:
      - sessionId
    authentication:
      provider: google
      configuration:
        clientId: "{{ secrets.google.client-id }}"
    produce-options:
      headers:
        - key: langstream-client-user-id
          value-from-authentication: subject
        - key: langstream-client-session-id
          value-from-parameters: sessionId

  - id: "bot-output"
    type: consume
    topic: "questions-topic"
    parameters:
      - sessionId
    authentication:
      provider: google
      configuration:
        clientId: "{{ secrets.google.client-id }}"
    produce-options:
      headers:
        - key: langstream-client-user-id
          value-from-authentication: subject
        - key: langstream-client-session-id
          value-from-parameters: sessionId

Google authentication

Set provider: google to use a Google client ID to authenticate LangStream gateway connections.

The Google field that is exposed for authentication is "subject".

The Google client ID looks like this:

99840107278-4363876v0hker43roujaubqom5g07or8.apps.googleusercontent.com

To set it as a secret env variable:

export GOOGLE_CLIENT_ID=99840107278-4363876v0hker43roujaubqom5g07or8.apps.googleusercontent.com

Github authentication

Set provider: github to use a GitHub login to authenticate LangStream gateway connections.

The Github field that is exposed for authentication is "login".

Configuration

Label
Type
Description

provider

string

The name of the identity provider. Supported values are:

  • β€œgoogle”

  • β€œgithub”

configuration

Map

clientId

string

The token to use for interacting with the given identity provider. Typically this is a pointer to a secret.

Example: clientId: "${secrets.google.client-id}"

Follow the β€œβ€ guide to create your client ID.

Follow the β€œβ€ guide to create your login.

For the google provider, follow the β€œβ€ guide.

For the github provider, follow the β€œβ€ guide.

This authentication example
Get your Google API client ID
Building a "Login with GitHub" button with a GitHub App
Get your Google API client ID
Building a "Login with GitHub" button with a GitHub App