Custom

It is possible to provide custom Zero Trust Authentication (ZTA) inside Livebook's Docker images.

To do so, you must define a file with the .exs extension inside the /app/user/extensions of your Livebook image, for example, /app/user/extensions/my_auth.exs. This file should define at least one module, which implements the ZTA skeleton below:

defmodule MyAuth do
  use GenServer

  @spec start_link(keyword) :: {:ok, pid()}
  def start_link(opts) do
    identity_key = opts[:identity_key]
    GenServer.start_link(__MODULE__, identity_key, Keyword.take(opts, [:name]))
  end

  @spec authenticate(GenServer.server(), Plug.Conn.t(), keyword()) ::
          {Plug.Conn.t(), map() | nil}
  def authenticate(server, conn, opts \\ []) do
    # Connects to the GenServer given by `server` and returns the user information.
    # See `opts[:fields]` for the fields to be returned in the map.
    # Return nil if the user cannot be authenticated.
  end
end

Then you must configure Livebook to use the module above as your identity provider:

LIVEBOOK_IDENTITY_PROVIDER="custom:MyAuth"

Or, if you want to pass a custom identity key:

LIVEBOOK_IDENTITY_PROVIDER="custom:MyAuth:my-key"

Keep in mind that the identity provider contract in Livebook is still evolving and it may change in future releases. Additionally, your code may rely on two dependencies: Req ~> 0.4 and JOSE ~> 1.11.

Development

If you want to try your custom identity provider in development, you can clone Livebook's git repository and then execute the following command inside Livebook's root folder:

$ mix setup
$ LIVEBOOK_IDENTITY_PROVIDER="custom:MyAuth" elixir -r path/to/my_auth.exs -S mix phx.server

← Previous Page Tailscale