I'm not sure auth, middleware and input/output processors difference
hi, team! I'm bit curious about auth feature. https://mastra.ai/ja/docs/auth
do you have some plan to provide a user guilde or customizable auth class like input/output processors?
now, i know mastra provides some auth providers feature via auth package and some more providers are being added. In some senario, I should create another auth feature like aws cognito, microsoft something, next-auth etc. Roughly speaking, we have to add jwt token verification or cookie decryption to verify whether api requester has the right to access our service or not, and additionally add runtime context by using jwt token claim information like custom attributes or something.
So, if possible, I want to see your guideline about authorization flow of mastra application. Especially,
- What's the difference between middleware, auth, input/output processors including pros/cons
- I'm not clear how mastra applications works enough. for example, what is exected earlier, middleware, auth and processors
- When developers add custom authentication feature into mastra app, what kind of considerations are required?
- for example, I'm not clear whether internal api requrests are successfully bypassed when developers set a custom authorization. and why?
- How to contain authorization based context information
- almost multi-tenant application needs this considerations, but it's not clear, I guess.
認証の概要
Mastra アプリ向けのさまざまな認証オプションについて学びましょう
3 Replies
📝 Created GitHub issue: https://github.com/mastra-ai/mastra/issues/8488
GitHub
[DISCORD:1423930896352018542] I'm not sure auth, middleware and inp...
This issue was created from Discord post: https://discord.com/channels/1309558646228779139/1423930896352018542 hi, team! I'm bit curious about auth feature. https://mastra.ai/ja/docs/auth do yo...
Hi @hayata-yamamoto !
- The auth middleware is used to add authentication at the Mastra server API level, meaning to protect your API routes.
- Middleware just acts like expressjs, hono, etc middleware, they allow you to customize the Mastra server routes basically.
- Input/output processors are used to manage inputs sent to the LLM (input processors) and outputs sent to users (output processors).
You can create your own auth middleware by implementing the
MastraAuthProvider interface available in the @mastra/core/server package. There are examples on how to implement this class in https://github.com/mastra-ai/mastra/tree/main/auth
When using a auth middleware, the runtimeContext gets populated with the user information when successfully authenticated. You can then use that info in your agents, etc...Thank you! Where is Mastra auth provider implementation guide? I know, your suggested url shows each auth provider implementations, but its complete version. When I want to create custom provider, I need to understand behavior by reverse engineering. I’m afraid, it’s bit costly for almost developers, I think
So, if possible, can you share a guide? It helps each developers create a custom provider implementations without waiting for your team updates. It maybe reduce the number of auth related issues, I guess