Auth
Introduction
By default, PromptQL accesses your data through Hasura DDN in NoAuth mode as an admin user.
This means that by default on a new installation, it has full access to your data.
However, you can integrate many popular auth services or use your own custom solution to authenticate users.
After the authentication step, session variables, including a user role, are passed via either a valid JWT or webhook response, to the Hasura Engine to be checked against the access control rules or "permissions" to determine what data the user can access. This ensures any PromptQL conversations are scoped to only return information that a particular user is permitted to access.
As you will most often be using PromptQL in the console interface, you can check the auth which the client is using by clicing the "Auth" button on the left of the chat textbox.
PromptQL Playground Auth
Learn how to check the auth which the PromptQL Playground client is using here.
AuthConfig options
Authentication can be set up in one of three modes. These modes and their configuration options are specified in the
AuthConfig object within your metadata.
JWT mode
Your authentication service must issue JWTs which contain session variables that are passed to the Hasura Engine by the PromptQL client on each request.
Webhook mode
PromptQL will call a webhook on each request with the client headers forwarded. On successful authentication, the
webhook must return a valid http response with session variables in the body.
NoAuth mode
No authentication is required for a specific role to access the data.