36 lines
947 B
Python
36 lines
947 B
Python
"""Pluggable auth principal models.
|
|
|
|
These describe *who* is invoking a skill. The runtime auth provider produces
|
|
an instance of the agent's declared ``auth_model`` and hands it to the
|
|
:class:`RunContext`.
|
|
"""
|
|
from __future__ import annotations
|
|
|
|
from pydantic import BaseModel, ConfigDict, Field
|
|
|
|
|
|
class NoAuth(BaseModel):
|
|
"""Public agent: no caller identity required."""
|
|
|
|
model_config = ConfigDict(extra="forbid", frozen=True)
|
|
|
|
|
|
class APIKeyAuth(BaseModel):
|
|
"""Caller authenticated by a long-lived API key."""
|
|
|
|
model_config = ConfigDict(extra="forbid", frozen=True)
|
|
|
|
api_key_id: str
|
|
scopes: list[str] = Field(default_factory=list)
|
|
|
|
|
|
class JWTAuth(BaseModel):
|
|
"""Caller authenticated by a JWT (typically from a user-facing login)."""
|
|
|
|
model_config = ConfigDict(extra="forbid", frozen=True)
|
|
|
|
sub: str
|
|
org_id: str | None = None
|
|
email: str | None = None
|
|
scopes: list[str] = Field(default_factory=list)
|