Auth
Introduction
By default, PromptQL accesses your data through the distributed query engine in NoAuth mode as
an admin user. This means that by default on a new installation, it has full access to your data.
However, you can integrate many popular auth services or use your own custom solution to authenticate users.
After the authentication step, session variables, including a user role, are passed via either a valid JWT or webhook response, to the query engine to be checked against the access control rules or "permissions" to determine what data the user can access. This ensures any PromptQL conversations are scoped to only return information that a particular user is permitted to access.
Learn how to check the auth which the PromptQL Playground client is using here.
AuthConfig options
Authentication can be set up in one of three modes or multiple modes. These modes and their configuration options are
specified in the AuthConfig object within your metadata.
You can configure a single authentication mode or multiple authentication modes using the alternativeModes field in
AuthConfig v4. When using multiple authentication modes, you can specify which mode to use for a particular request by
including the X-Hasura-Auth-Mode header with the identifier of the desired authentication mode. Read more about
multiple auth modes.
JWT mode
Your authentication service must issue JWTs which contain session variables that are passed to the distributed query engine by PromptQL on each request.
Webhook mode
PromptQL will call a webhook on each request with the client headers forwarded. On successful authentication, the
webhook must return a valid http response with session variables in the body.
NoAuth mode
No authentication is required for a specific role to access the data.