-
Notifications
You must be signed in to change notification settings - Fork 69
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Vertex AI Gemini provider to use ModelAuthProvider #708
Conversation
e9df183
to
90795a1
Compare
@csotiriou @geoand It all works great, thanks, I'll have a couple of minor suggestions/questions at #694 a bit later, and once #694 is merged, I'll rebase this PR, thanks |
c0e4f04
to
d219240
Compare
d219240
to
6700f42
Compare
This is the latest from Gemini:
PR is ready for review :-), @geoand, @jmartisk, please have a look next week. Jan, since you have tested My plan, later, is to add one more OIDC authentication into the same (to be renamed) demo, and then also use another model, hopefully with Azure OpenAI, so the demo will evolve to show a fairly complex case but also how easily it can be done wit Quarkus LangChain4j and Quarkus security Thanks |
6700f42
to
ff1bc32
Compare
I think this makes sense, but just to be sure I understand the intent: When the application has this module, you expect the application to use the user's token, correct? |
Right. I'm not sure 100% yet how a situation where 2 remote model providers are used by the application, but only one of them requires a user token, and the |
Yeah, let's see if this use case makes sense for users before making things more complex |
The user token will have a user's authorization recorded, for example, when the user is authenticating to Google, the user will be asked to approve a registered application like |
Sure, the use case can be generalized as follows in a general OAuth2 way: Quarkus will access downstream services (Geminy model in this case) on behalf of the currently authenticated user only if this user gives a permission, which is quite a mainstream case with SSO.. |
@sberyozkin can you please rebase onto |
ff1bc32
to
a479e7a
Compare
Sorry @geoand, missed your ping; rebased it |
Thanks @jmartisk for verifying the demo works, I'll deal with your comments next. By the way, @geoand, what is a difference between |
They are different models |
That doesn't explain it too much for me - What extension do you use if you want to call, say, Mixtral or Claude through the Google Cloud? |
You don't currently |
6cb5d0a
to
e24b936
Compare
Interesting, I've got with the latest try:
As the demo instructs to sign off with the name of the model which produced the poem... @geoand @jmartisk If you are happy enough, please merge and I'll start planning to align azure-openai, vertex-ai as well |
e24b936
to
75732f0
Compare
This PR builds on the #694 PR created by @csotiriou and updates Vertex AI Gemini model provider to use ModelAuthProvider. It also adds a demo which depends on the
quarkus-langchain4j-oidc-model-auth-provider
extension which can help to pick up OIDC bearer or authorization code flow tokens.I'm yet to test it works.