Permit.io access control components for Langflow
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
Access Control in Langflow
The authentication and authorization components in Langflow are designed to secure your workflows by validating user credentials, checking permissions, and controlling access to resources. These components ensure that only authorized users can perform specific actions on designated resources.
They handle critical security tasks like verifying tokens, confirming permissions, and managing access control, ensuring smooth and secure operations within your workflows.
JWT Validator
This component verifies JSON Web Tokens (JWT) using JSON Web Key Sets (JWKs) and extracts the user's identifier. It performs a thorough validation process, including signature checks, expiration date verification, and key validation via the specified JWKs endpoint.
To optimize performance, the component automatically fetches and caches the JWKs from the provided URL, handling key rotations efficiently and reducing unnecessary HTTP requests. It supports the RS256 algorithm and retrieves the subject claim (sub) as the user identifier.
Inputs
| Name | Display Name | Description |
|---|---|---|
| jwt_token | JWT Token | The JWT token to validate. Must follow RFC 7519 standards. |
Configuration
| Name | Display Name | Description |
|---|---|---|
| jwks_url | JWKs URL | The URL of the JWKs endpoint (e.g., https://your-domain/.well-known/jwks.json). |
Outputs
| Name | Display Name | Description |
|---|---|---|
| user_id | User ID | The extracted user ID from the validated token (sub claim). |
Permissions Check
This component evaluates whether a user has permission to perform a specific action on a resource. It integrates with Permit.io's Policy Decision Point (PDP) to enforce fine-grained access control based on your defined policies.
It supports context-aware authorization by optionally including tenant information, enabling real-time policy evaluations for multi-tenant environments.
Inputs
| Name | Display Name | Description |
|---|---|---|
| user | User | The user identifier to check permissions for. |
| action | Action | The action being performed (e.g., read, write, delete, create). |
| resource | Resource | The resource identifier being acted upon. |
| tenant | Tenant | Optional tenant identifier for multi-tenant scenarios. |
Configuration
| Name | Display Name | Description |
|---|---|---|
| pdp_url | PDP URL | The URL of the Policy Decision Point (found in your Permit.io dashboard). |
| api_key | API Key | Your Permit.io API key for authentication. |
Outputs
| Name | Display Name | Description |
|---|---|---|
| allowed | Allowed | A boolean value indicating whether the action is permitted (true or false). |
Data Protection
This component retrieves and filters the list of resources a user is allowed to access. It can either fetch all permissions for a given resource type or filter a specific set of resource IDs based on the user's permissions.
The component supports bulk permission checks and uses caching to enhance performance when evaluating multiple resources.
Inputs
| Name | Display Name | Description |
|---|---|---|
| user_id | User ID | The user identifier to retrieve permissions for. |
| action | Action | The action to filter permissions by (e.g., read, write). |
| resource_type | Resource Type | The type of resource to check permissions for (e.g., document, project). |
| filter_ids | Filter IDs | Optional list of specific resource IDs to check permissions for. |
Configuration
| Name | Display Name | Description |
|---|---|---|
| pdp_url | PDP URL | The URL of the Policy Decision Point. |
| api_key | API Key | Your Permit.io API key for authentication. |
Outputs
| Name | Display Name | Description |
|---|---|---|
| allowed_ids | Allowed IDs | A list of resource IDs that the user is authorized to access for the specified action. |
How These Components Work Together
These components implement the four security perimeters for LLM applications:
- Prompt Filtering: Use JWT Validator to authenticate users and filter inputs
- RAG Data Protection: Use Data Protection to control access to RAG data
- Secure External Access: Use Permissions Check for API and external service access
- Response Enforcement: Use Data Protection to filter sensitive information from responses
Each component can be used individually or combined to create comprehensive security flows.
When setting up these components, ensure your Permit.io policies are properly configured, and your JWKs endpoint is accessible. The components are designed to handle errors gracefully, providing clear messages for issues such as invalid tokens, network problems, or denied permissions.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file permit_langflow-0.1.0.tar.gz.
File metadata
- Download URL: permit_langflow-0.1.0.tar.gz
- Upload date:
- Size: 4.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2d5c861c636a6f161af432866ebbd7062fdebf949fd180ed094a97b542d21d69
|
|
| MD5 |
32fd5bd283f5850d29340c4e976cfcd2
|
|
| BLAKE2b-256 |
346f4f34249f0fa4c4473ef1bd812c6b0152453257d390e970547a4c2433f0e7
|
Provenance
The following attestation bundles were made for permit_langflow-0.1.0.tar.gz:
Publisher:
pypi-release.yml on permitio/permit-langflow-framework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
permit_langflow-0.1.0.tar.gz -
Subject digest:
2d5c861c636a6f161af432866ebbd7062fdebf949fd180ed094a97b542d21d69 - Sigstore transparency entry: 176066533
- Sigstore integration time:
-
Permalink:
permitio/permit-langflow-framework@13fcbe80677b6678c0b1224364fffdedad1514b0 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/permitio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-release.yml@13fcbe80677b6678c0b1224364fffdedad1514b0 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file permit_langflow-0.1.0-py3-none-any.whl.
File metadata
- Download URL: permit_langflow-0.1.0-py3-none-any.whl
- Upload date:
- Size: 4.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
796a3c884bfaecfeaa6a40bb703666ef79abe7f8969fc61fe66235afdc8426da
|
|
| MD5 |
2b5f8e94f95408b95f7142aea74ab40c
|
|
| BLAKE2b-256 |
550b41173eb764fefc34b57ed70445ca9fb848bd87b19128fee4944f0baa26d5
|
Provenance
The following attestation bundles were made for permit_langflow-0.1.0-py3-none-any.whl:
Publisher:
pypi-release.yml on permitio/permit-langflow-framework
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
permit_langflow-0.1.0-py3-none-any.whl -
Subject digest:
796a3c884bfaecfeaa6a40bb703666ef79abe7f8969fc61fe66235afdc8426da - Sigstore transparency entry: 176066534
- Sigstore integration time:
-
Permalink:
permitio/permit-langflow-framework@13fcbe80677b6678c0b1224364fffdedad1514b0 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/permitio
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
pypi-release.yml@13fcbe80677b6678c0b1224364fffdedad1514b0 -
Trigger Event:
workflow_dispatch
-
Statement type:
