How to use Chatbot in private

[kientv]

Could we restrict chat user by personal token (API key) or username, password .
Do not want to public bot in the internet

[HenryHengZJ]

hmm not possible for now, something we plan on roadmap

[CasperJ]

Hi,
I've a similar request here #227 and I've made PR #226 which introduces this kind of functionality.
I our case we a portal that users log into and then they see the bot. The portal is protected by an OAuth flow. With our addition we can now push down that JTW token to the API by injecting it into the http request before it got sent.

sequenceDiagram
    participant User
    participant API Gateway
    participant Identity Server
    participant FlowiseAI API
    User->>Identity Server: OAuth dance to get JWT token
    Identity Server-->>User: Get JWT Token and store in Browser
    User->>API Gateway: GET /api/ai/* (JWT injected in header)
    Note right of API Gateway: API Gateway validates JWT
    API Gateway-->>FlowiseAI API: Forward request unauthenticated
    FlowiseAI API-->>API Gateway: Response
    API Gateway-->>User: Response

Loading

[kientv]

What's oauth2 grant type do you use in myIdentityApi.getCredencial()

[CasperJ]

In our case we have integrated it within our Backstage portal. Backstage provides a way to get the JWT token clientside. Other sites might store it in local storage. It really depends on the framework you are using.

In Backstage the auth flow is consent and refresh flow: https://backstage.io/docs/auth/oauth