jwt update

docs/pages/Deploying/DocsGPT-Settings.mdx

@@ -95,6 +95,49 @@ EMBEDDINGS_NAME=huggingface_sentence-transformers/all-mpnet-base-v2 # You can al
 
 In this case, even though you are using Ollama locally, `LLM_NAME` is set to `openai` because Ollama (and many other local inference engines) are designed to be API-compatible with OpenAI.  `OPENAI_BASE_URL` points DocsGPT to the local Ollama server.
 
+## Authentication Settings
+
+DocsGPT includes a JWT (JSON Web Token) based authentication feature for managing sessions or securing local deployments while allowing access.
+
+- **`AUTH_TYPE`**: This setting in your `.env` file or `settings.py` determines the authentication method.
+    
+    - **Possible values:**
+        - `None` (or not set): No authentication is used.
+        - `simple_jwt`: A single, long-lived JWT token is generated and used for all authenticated requests. This is useful for securing a local deployment with a shared secret.
+        - `session_jwt`: Unique JWT tokens are generated for sessions, typically for individual users or temporary access.
+    - If `AUTH_TYPE` is set to `simple_jwt` or `session_jwt`, then a `JWT_SECRET_KEY` is required.
+- **`JWT_SECRET_KEY`**: This is a crucial secret key used to sign and verify JWTs.
+    
+    - It can be set directly in your `.env` file or `settings.py`.
+    - **Automatic Key Generation**: If `AUTH_TYPE` is `simple_jwt` or `session_jwt` and `JWT_SECRET_KEY` is _not_ set in your environment variables or `settings.py`, DocsGPT will attempt to:
+        1. Read the key from a file named `.jwt_secret_key` in the project's root directory.
+        2. If the file doesn't exist, it will generate a new 32-byte random key, save it to `.jwt_secret_key`, and use it for the session. This ensures that the key persists across application restarts.
+    - **Security Note**: It's vital to keep this key secure. If you set it manually, choose a strong, random string.
+
+**How it works:**
+
+- When `AUTH_TYPE` is set to `simple_jwt`, a token is generated at startup (if not already present or configured) and printed to the console. This token should be included in the `Authorization` header of your API requests as a Bearer token (e.g., `Authorization: Bearer YOUR_SIMPLE_JWT_TOKEN`).
+- When `AUTH_TYPE` is set to `session_jwt`:
+    - Clients can request a new token from the `/api/generate_token` endpoint.
+    - This token should then be included in the `Authorization` header for subsequent requests.
+- The backend verifies the JWT token provided in the `Authorization` header for protected routes.
+- The `/api/config` endpoint can be used to check the current `auth_type` and whether authentication is required.
+
+**Frontend Token Input for `simple_jwt`:**
+
+<img 
+  src="/jwt-input.png" 
+  alt="Frontend prompt for JWT Token" 
+  style={{ 
+    width: '500px', 
+    maxWidth: '100%', 
+    display: 'block', 
+    margin: '1em auto' 
+  }} 
+/>
+
+If you have configured `AUTH_TYPE=simple_jwt`, the DocsGPT frontend will prompt you to enter the JWT token if it's not already set or is invalid. You'll need to paste the `SIMPLE_JWT_TOKEN` (which is printed to your console when the backend starts) into this field to access the application.
+
 ## Exploring More Settings
 
 These are just the basic settings to get you started. The `settings.py` file contains many more advanced options that you can explore to further customize DocsGPT, such as: