Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Vertex AI Gemini provider to use ModelAuthProvider #708

Merged
merged 1 commit into from
Jul 8, 2024
Merged

Update Vertex AI Gemini provider to use ModelAuthProvider #708

merged 1 commit into from
Jul 8, 2024

Conversation

sberyozkin
Copy link
Contributor

This PR builds on the #694 PR created by @csotiriou and updates Vertex AI Gemini model provider to use ModelAuthProvider. It also adds a demo which depends on the quarkus-langchain4j-oidc-model-auth-provider extension which can help to pick up OIDC bearer or authorization code flow tokens.

I'm yet to test it works.

@sberyozkin sberyozkin mentioned this pull request Jun 27, 2024
Closed
@sberyozkin
Copy link
Contributor Author

@csotiriou @geoand It all works great, thanks, I'll have a couple of minor suggestions/questions at #694 a bit later, and once #694 is merged, I'll rebase this PR, thanks

@sberyozkin sberyozkin force-pushed the oidc_model_auth_provider branch 2 times, most recently from c0e4f04 to d219240 Compare June 28, 2024 10:21
@sberyozkin sberyozkin mentioned this pull request Jun 28, 2024
Merged
@sberyozkin sberyozkin marked this pull request as ready for review June 28, 2024 15:35
@sberyozkin sberyozkin requested a review from a team as a code owner June 28, 2024 15:35
@sberyozkin
Copy link
Contributor Author

sberyozkin commented Jun 28, 2024
edited
Loading

This is the latest from Gemini:

Oh, Java, language of bytecode and beans,
Where objects dance and methods preen.
From applets to servlets, your reach is wide,
A platform for dreams, where code can confide. 

- Gemini

PR is ready for review :-), @geoand, @jmartisk, please have a look next week. Jan, since you have tested secure-fraud-detection, can you please check that this demo works for you as well ? You'll need to enable Vertex AI in your Google Cloud project, also note this project's id and set in properties, as mentioned in README.

My plan, later, is to add one more OIDC authentication into the same (to be renamed) demo, and then also use another model, hopefully with Azure OpenAI, so the demo will evolve to show a fairly complex case but also how easily it can be done wit Quarkus LangChain4j and Quarkus security

Thanks

@geoand
Copy link
Collaborator

geoand commented Jul 1, 2024
edited
Loading

I think this makes sense, but just to be sure I understand the intent:

When the application has this module, you expect the application to use the user's token, correct?

@sberyozkin
Copy link
Contributor Author

sberyozkin commented Jul 1, 2024
edited
Loading

When the application has this module, you expect the application to use the user's token, correct?

Right. I'm not sure 100% yet how a situation where 2 remote model providers are used by the application, but only one of them requires a user token, and the oidc-model-auth-provider is loaded, will be handled. I guess we will be able to manage it either by adding the list of models to the oidc-model-auth-provider configuration, or by adding oidc-mode-auth-provider conditionally to the model provider dependencies, etc

@geoand
Copy link
Collaborator

geoand commented Jul 1, 2024

Yeah, let's see if this use case makes sense for users before making things more complex

@sberyozkin
Copy link
Contributor Author

The user token will have a user's authorization recorded, for example, when the user is authenticating to Google, the user will be asked to approve a registered application like Quarkus LangChain4j to access AI on behalf of the user, if the user does not approve, the authentication will fail

@sberyozkin
Copy link
Contributor Author

sberyozkin commented Jul 1, 2024
edited
Loading

Sure, the use case can be generalized as follows in a general OAuth2 way: Quarkus will access downstream services (Geminy model in this case) on behalf of the currently authenticated user only if this user gives a permission, which is quite a mainstream case with SSO..

@geoand
Copy link
Collaborator

geoand commented Jul 2, 2024

@sberyozkin can you please rebase onto main?

@sberyozkin
Copy link
Contributor Author

Sorry @geoand, missed your ping; rebased it

@sberyozkin
Copy link
Contributor Author

Thanks @jmartisk for verifying the demo works, I'll deal with your comments next.

By the way, @geoand, what is a difference between model-providers/vertex-ai and model-providers/vertex-ai-gemini ? Is it about different type of models that vertex-ai may use (I see chat-bison in the former module) but Gemini configuration is more involved and this is why it has a dedicated module ? I can follow up later with updating model-providers/vertex-ai too to recognize ModelAuthProvider

@geoand
Copy link
Collaborator

geoand commented Jul 3, 2024

what is a difference between model-providers/vertex-ai and model-providers/vertex-ai-gemini

They are different models

@jmartisk
Copy link
Collaborator

jmartisk commented Jul 3, 2024

what is a difference between model-providers/vertex-ai and model-providers/vertex-ai-gemini

They are different models

That doesn't explain it too much for me - What extension do you use if you want to call, say, Mixtral or Claude through the Google Cloud?

@geoand
Copy link
Collaborator

geoand commented Jul 3, 2024

You don't currently

@sberyozkin sberyozkin force-pushed the oidc_model_auth_provider branch 2 times, most recently from 6cb5d0a to e24b936 Compare July 3, 2024 11:57
@sberyozkin
Copy link
Contributor Author

sberyozkin commented Jul 3, 2024
edited
Loading

Interesting, I've got with the latest try:

Inspite of the name, 
Java is so much more than a bean.
It's a language that can,
make your wildest dreams a scene. 
Java's an ocean of code,
Where ideas flow and grow. 
It's a haven for the tech-inclined,
A place where innovation can be found.

- Bard

As the demo instructs to sign off with the name of the model which produced the poem... Bard was the old name for what is now Gemini.

@geoand @jmartisk If you are happy enough, please merge and I'll start planning to align azure-openai, vertex-ai as well

@geoand geoand requested a review from jmartisk July 4, 2024 14:03
@jmartisk jmartisk merged commit d1b5200 into quarkiverse:main Jul 8, 2024
12 checks passed
@sberyozkin sberyozkin deleted the oidc_model_auth_provider branch July 8, 2024 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmartisk jmartisk jmartisk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@sberyozkin @geoand @jmartisk