Add version for Llamaindex with FastApi and Auth0 #10
Conversation
There was a problem hiding this comment.
can we update this diagram to reflect Python server and the new resources here?
cc: @deepu105
There was a problem hiding this comment.
I can create one for this probably next week
py-llamaindex/README.md
Outdated
|
|
||
| ## About the template | ||
|
|
||
| This template scaffolds an Auth0 + LlamaIndex.js + Next.js starter app. It mainly uses the following libraries: |
| "access_token": auth_session.get("token_sets")[0].get( | ||
| "access_token" | ||
| ), | ||
| "refresh_token": auth_session.get("refresh_token"), |
There was a problem hiding this comment.
is refresh token really needed? It seems a security hazard to me. Posted a thread about this similar issue today in JS examples.
We should probably try and standardize on this, but my preference is to only rely on exchanged / short-lived access token here.
started a thread today:
https://auth0.slack.com/archives/C089AS3M9C5/p1755783912796319
There was a problem hiding this comment.
for llamaIndex this should not be needed, this was a workaround for LangGraph since the AI SDK expects this instead of LangGraph custom auth
|
|
||
| user_email = user.get("email", "unknown") | ||
|
|
||
| index = get_index() |
There was a problem hiding this comment.
This is suppose to show the CIBA stuff no?
| ): | ||
| try: | ||
| query_string = str(request.url.query) | ||
| target_url = f"{settings.LANGGRAPH_API_URL}/{full_path}" |
There was a problem hiding this comment.
why is this needed for llamaindex
| @agent_router.api_route( | ||
| "/{full_path:path}", methods=["GET", "POST", "DELETE", "PATCH", "PUT", "OPTIONS"] | ||
| ) | ||
| async def api_route( |
There was a problem hiding this comment.
this entire implementation should not be needed for Llamaindex since the LlamaIndex agent can live in route
py-llamaindex/README.md
Outdated
|
|
||
| ## About the template | ||
|
|
||
| This template scaffolds an Auth0 + LlamaIndex.js + Next.js starter app. It mainly uses the following libraries: |
There was a problem hiding this comment.
| This template scaffolds an Auth0 + LlamaIndex.js + Next.js starter app. It mainly uses the following libraries: | |
| This template scaffolds an Auth0 + LlamaIndex + FastAPI starter app. It mainly uses the following libraries: |
|
|
||
| ```bash | ||
| source .venv/bin/activate | ||
| uv run uvicorn app.main:app --reload |
There was a problem hiding this comment.
isn't is fastapi dev app/main.py
| from googleapiclient.discovery import build | ||
| from llama_index.core.tools import FunctionTool | ||
|
|
||
| # UWAGA: to jest wariant dla LlamaIndex |
| list_upcoming_events_li = FunctionTool.from_defaults( | ||
| name="list_upcoming_events", | ||
| description="List upcoming events from the user's Google Calendar (requires a federated Google connection).", | ||
| fn=list_upcoming_events_li_fn, |
There was a problem hiding this comment.
where are we wrapping the tool with federatedConnections?
| access_token = auth_session.get("token_sets", [{}])[0].get("access_token") | ||
| stream = agent.stream_chat( | ||
| query, | ||
| tool_kwargs={ |
| from app.core.config import settings | ||
|
|
||
| async def get_user_info_li_fn(access_token: str | None) -> str: | ||
| if not access_token: |
There was a problem hiding this comment.
why not get access token from user session
| scopes=["openid", "product:buy"], | ||
| binding_message=lambda product, | ||
| quantity: f"Do you want to buy {quantity} {product}", | ||
| user_id=lambda *_, **__: ensure_config() |
There was a problem hiding this comment.
this is for langchain, for llamaindex we should be able to get this from user session
|
|
||
| # UWAGA: to jest wariant dla LlamaIndex | ||
| from auth0_ai_llamaindex.federated_connections import ( | ||
| get_access_token_for_connection, |
There was a problem hiding this comment.
Believe this library is currently using "refresh_token" exchange. We should enhance this library in the core to support subject_token_type urn:ietf:params:oauth:token-type:access_token / access token exchange as well:
This will likely be useful in the case that LangGraph server is hosted separately.
There was a problem hiding this comment.
^^ we have a separate ticket for this effort this sprint. If we keep the langgraph agent embedded, the RT flow here now is fine. If the langgraph server / agent is separate server, my current assumption is we should use AT flow and add that support to the core.
| agent = ReActAgentWorker.from_tools( | ||
| tools=tools, | ||
| llm=llm, | ||
| verbose=True, | ||
| system_prompt=( | ||
| "You are a personal assistant named Assistant0. " | ||
| "Use tools when helpful; prefer get_context_docs for knowledge base queries. " | ||
| "Render email-like bodies as markdown (no code fences)." | ||
| ), | ||
| ).as_agent() No newline at end of file |
There was a problem hiding this comment.
how are you finding the interrupt support w/ this ReActAgent worker, and compatibility w/ langgraph's useStream hook? Would it be better to use separate langgraph-cli server w/ access token exchange flow in this case?
It seems a simpler use case may also be like this one.
There was a problem hiding this comment.
fwiw, i am finding a lot of gaps w/ createReactAgent on the typescript side (and not sure how this is behaving on the python side). Ideally we can also support interrupt flows for step-up auth 🤞 . If using useStream hook from langgraph-sdk on the client, the langgraph-cli approach may be easier b/c it comes w/ langgraph protocol fully implemented. If sticking w/ this approach and embedded agent w/ ReActAgent, you may find it easier to explore a custom SSE stream (and replace useStream hook on the client w/ custom handlers), example. Leave this to you though to determine as to how to reflect.
|
|
||
| - [LlamaIndex's Python framework](https://docs.llamaindex.ai/en/stable/#introduction) | ||
| - The [Auth0 AI SDK](https://github.com/auth0-lab/auth0-ai-python) and [Auth0 FastAPI SDK](https://github.com/auth0/auth0-fastapi) to secure the application and call third-party APIs. | ||
| - [Auth0 FGA](https://auth0.com/fine-grained-authorization) to define fine-grained access control policies for your tools and RAG pipelines. |
There was a problem hiding this comment.
should we also highlight that we are using a lot of Langgraph libraries / sdks w/ this example now? Or is that still t.b.d.?
If we go w/ Langgraph, just wanting to call it out better in README. Also agree w/ @deepu105 's feedback, that if we already have a langgraph sample, capturing some of the additional things in the existing example:
https://github.com/auth0-samples/auth0-assistant0/tree/main/py-langchain
| @@ -0,0 +1,83 @@ | |||
| # Start the frontend server | |||
|
|
|||
| Rename `.env.example` file to `.env` in the `frontend` directory. | |||
There was a problem hiding this comment.
think we are missing the .env.example here
| To start with the basic examples, you'll just need to add your OpenAI API key and Auth0 credentials. | ||
|
|
||
| - To start with the examples, you'll just need to add your OpenAI API key and Auth0 credentials for the Web app. | ||
| - You can setup a new Auth0 tenant with an Auth0 Web App and Token Vault following the Prerequisites instructions [here](https://auth0.com/ai/docs/call-others-apis-on-users-behalf). |
There was a problem hiding this comment.
Can we describe some place how you are configuring this app with Auth? E.g. "Create an API..", "Create a SPA application"... etc.
I'm having trouble following this at the moment, and it's quite important as far as what auth flow we want to use.
If going for an Auth0 API/resource server for the Fast API + embedded llamaindex agent, and a SPA application for the client, we'll like want to make use of the new access token / token vault flow. (more like this example w/ a SPA: auth0/docs-v2#39)
If going for a FastAPI (app) (Regular Web App for the Auth0 client) like the existing example here, and an embedded llamaindex agent, we'll likely be fine w/ the existing refresh token / token vault exchange flow.
If going for a FastAPI (app) (Regular Web App for the Auth0 client) like the existing example here, and an external llamaindex agent/external LangGraph server, we'll likely want access token / token vault exchange flow (and the AT provided to Langgraph server).
|
nice work getting this started @AdamWozniewski 👍 - please let us know once you've settled on approach here and when this is rdy for testing. ty 🙇 |
| - Create a **Regular Web App** for FastAPI. | ||
| - (Optional) Create an API if you also expose protected endpoints to SPAs. | ||
| - FastAPI handles cookie-based session and federated connections via Token Vault. | ||
| - Tools do **not** receive tokens as arguments; they read them from the session or use the federated-connection wrapper. |
There was a problem hiding this comment.
super helpful 👍 👍
Seems this will work ok and RT -> AT / token exchange flow is desired if Regular Web App is used, and agent is embedded as we are here. I'm good w/ this if others are 👍
| }; | ||
| } | ||
|
|
||
| export function FederatedConnectionInterruptHandler({ |
There was a problem hiding this comment.
is interrupt flow working w/ useStream? I'm not sure about useStream /langgraph integration and llamaindex ReActAgent worker. Seems there is a possibility of using the abort signals for this type of interrupt server side:
https://ts.llamaindex.ai/docs/workflows#with-workflows
is it worth investigating llamama index's client sdk for this:
https://ts.llamaindex.ai/docs/chat-ui
i see a Fast API example:
https://github.com/run-llama/chat-ui/tree/main/examples/fastapi
Maybe some React components can still be shared.
It looks like on Next.js side of things, AI SDK was used w/ llamaindex server. Another possibility to consider.
cc: @jcenturion @pmalouin @deepu105 - any thoughts?
No description provided.