This example demonstrates how to combine LangChain with robust authorization controls for RAG workflows. Using Auth0 FGA, it ensures that users can only access documents they are authorized to view. The example retrieves relevant documents, enforces access permissions, and generates responses based only on authorized data, maintaining strict data security and preventing unauthorized access.
- Create a .env file using the format below:

      # OpenAI
      OPENAI_API_KEY=xx-xxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxx

      # Auth0 FGA
      FGA_STORE_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      FGA_CLIENT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxx
      FGA_CLIENT_SECRET=xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxx

      # Required only for non-US regions
      FGA_API_URL=https://api.xxx.fga.dev
      FGA_API_AUDIENCE=https://api.xxx.fga.dev/

  Use this page for instructions on how to find your OpenAI API key. Once you have your key, update the .env file accordingly.
- Create a client

  Navigate to Settings and, in the Authorized Clients section, click the + Create Client button. On the new page, give your client a name, mark all three client permissions, then click Create.
- Copy the information on the modal and update your .env file with the values you now have for FGA_STORE_ID, FGA_CLIENT_ID, and FGA_CLIENT_SECRET. Click Continue to get values for FGA_API_URL and FGA_API_AUDIENCE.
- Install dependencies using Poetry.

      $ python -m venv venv
      $ source venv/bin/activate
      $ pip install -r requirements.txt
- Initialize the FGA model and tuples

      $ python ./scripts/fga_init.py

- Running the example

      python main.py
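The retrieve, authorize, then generate flow described at the top of this page, as an added example that is not this project's own code. The in-memory tuple set, the `viewer` relation, the `doc:` object prefix and every function name here are assumptions standing in for the Auth0 FGA store and its check call.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List

@dataclass(frozen=True)
class Doc:
    doc_id: str
    text: str

# Constructed relationship tuples (user, relation, object); a stand-in for the FGA store.
TUPLES = {
    ("user:alice", "viewer", "doc:public-faq"),
    ("user:alice", "viewer", "doc:q3-forecast"),
    ("user:bob", "viewer", "doc:public-faq"),
}

def local_check(user: str, relation: str, obj: str) -> bool:
    """Hypothetical stand-in for a remote FGA check; the real call may raise on error."""
    return (user, relation, obj) in TUPLES

def authorize(docs: Iterable[Doc], user: str,
              check: Callable[[str, str, str], bool],
              relation: str = "viewer") -> List[Doc]:
    """Keep only the documents the user may view, preserving retriever order."""
    decisions = {}  # one check per object, even when several chunks share a document
    allowed = []
    for doc in docs:
        obj = f"doc:{doc.doc_id}"
        if obj not in decisions:
            try:
                # Only an explicit True grants access; anything else is a deny.
                decisions[obj] = check(user, relation, obj) is True
            except Exception:
                decisions[obj] = False  # fail closed when the check cannot complete
        if decisions[obj]:
            allowed.append(doc)
    return allowed

def build_context(docs: Iterable[Doc], user: str, check) -> str:
    """Prompt context is built from authorized documents only, never the raw hits."""
    return "\n\n".join(d.text for d in authorize(docs, user, check))

# Constructed retriever output: two chunks of a public doc and one restricted doc.
RETRIEVED = [
    Doc("public-faq", "FAQ: support hours are 9-5."),
    Doc("q3-forecast", "Forecast: Q3 revenue projection is confidential."),
    Doc("public-faq", "FAQ: reset your password from the login page."),
]

if __name__ == "__main__":
    print(build_context(RETRIEVED, "user:bob", local_check))
```

The filter runs after retrieval and before prompt construction, so a document the user cannot view never reaches the model, whatever the similarity search returned.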
Auth0 is an easy-to-implement, adaptable authentication and authorization platform. To learn more, check out Why Auth0?
This project is licensed under the Apache 2.0 license. See the LICENSE file for more info.