diff --git a/docs/pages/Deploying/DocsGPT-Settings.mdx b/docs/pages/Deploying/DocsGPT-Settings.mdx index ce1e46ba..239b35d7 100644 --- a/docs/pages/Deploying/DocsGPT-Settings.mdx +++ b/docs/pages/Deploying/DocsGPT-Settings.mdx 
@@ -95,6 +95,49 @@ EMBEDDINGS_NAME=huggingface_sentence-transformers/all-mpnet-base-v2 # You can al In this case, even though you are using Ollama locally, `LLM_NAME` is set to `openai` because Ollama (and many other local inference engines) are designed to be API-compatible with OpenAI. `OPENAI_BASE_URL` points DocsGPT to the local Ollama server. +## Authentication Settings + +DocsGPT includes a JWT (JSON Web Token) based authentication feature for managing sessions or securing local deployments while allowing access. + +- **`AUTH_TYPE`**: This setting in your `.env` file or `settings.py` determines the authentication method. + + - **Possible values:** + - `None` (or not set): No authentication is used. + - `simple_jwt`: A single, long-lived JWT token is generated and used for all authenticated requests. This is useful for securing a local deployment with a shared secret. + - `session_jwt`: Unique JWT tokens are generated for sessions, typically for individual users or temporary access. + - If `AUTH_TYPE` is set to `simple_jwt` or `session_jwt`, then a `JWT_SECRET_KEY` is required. +- **`JWT_SECRET_KEY`**: This is a crucial secret key used to sign and verify JWTs. + + - It can be set directly in your `.env` file or `settings.py`. + - **Automatic Key Generation**: If `AUTH_TYPE` is `simple_jwt` or `session_jwt` and `JWT_SECRET_KEY` is _not_ set in your environment variables or `settings.py`, DocsGPT will attempt to: + 1. Read the key from a file named `.jwt_secret_key` in the project's root directory. + 2. If the file doesn't exist, it will generate a new 32-byte random key, save it to `.jwt_secret_key`, and use it for the session. This ensures that the key persists across application restarts. + - **Security Note**: It's vital to keep this key secure. If you set it manually, choose a strong, random string. 
+ +**How it works:** + +- When `AUTH_TYPE` is set to `simple_jwt`, a token is generated at startup (if not already present or configured) and printed to the console. This token should be included in the `Authorization` header of your API requests as a Bearer token (e.g., `Authorization: Bearer YOUR_SIMPLE_JWT_TOKEN`). +- When `AUTH_TYPE` is set to `session_jwt`: + - Clients can request a new token from the `/api/generate_token` endpoint. + - This token should then be included in the `Authorization` header for subsequent requests. +- The backend verifies the JWT token provided in the `Authorization` header for protected routes. +- The `/api/config` endpoint can be used to check the current `auth_type` and whether authentication is required. + +**Frontend Token Input for `simple_jwt`:** + +Frontend prompt for JWT Token + +If you have configured `AUTH_TYPE=simple_jwt`, the DocsGPT frontend will prompt you to enter the JWT token if it's not already set or is invalid. You'll need to paste the `SIMPLE_JWT_TOKEN` (which is printed to your console when the backend starts) into this field to access the application. + ## Exploring More Settings These are just the basic settings to get you started. The `settings.py` file contains many more advanced options that you can explore to further customize DocsGPT, such as: diff --git a/docs/public/jwt-input.png b/docs/public/jwt-input.png new file mode 100644 index 00000000..494d9744 Binary files /dev/null and b/docs/public/jwt-input.png differ
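Review bot: The Security Note under `JWT_SECRET_KEY` only covers a manually chosen key, while the Automatic Key Generation steps just above it write the signing key to `.jwt_secret_key` in the project root, and the "How it works" section has the `simple_jwt` token printed to the console; neither gets any handling guidance. I'd extend the note to say that `.jwt_secret_key` should be excluded from version control and image builds and be readable only by the account running the backend, that console output containing the token should be treated as sensitive wherever logs are collected, and how an operator rotates the key or the long-lived `simple_jwt` token if either leaks. For the manual case, give a minimum length that matches the generated key, for example "at least 32 random bytes" instead of "a strong, random string". Separately, the `session_jwt` bullet says clients can request a token from `/api/generate_token` but not what, if anything, a client must present to get one; please state that, since it determines whether `session_jwt` restricts access or only separates sessions. It would also help to say outright in the `AUTH_TYPE` list that leaving the setting unset leaves the API without authentication, since `None` is the value when nothing is configured.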