langflow
[Feature Request] Collaborative/Access Control enhancement
As discussed in issues #1735 and #1725, enhancing the collaborative capabilities of LangFlow can significantly improve user experience, particularly in team-based environments. This feature request outlines proposed improvements in authentication/role management, cross-account flow sharing, asynchronous updates, and flow version management.
Proposed Enhancements:
- Improved Authentication and Role Management:
  - Objective: Implement a more robust authentication system to support varying levels of user permissions.
  - Implementation:
    - Integrate OAuth2 with current authentication systems to enable more secure and flexible user management.
    - Develop roles such as Admin, Editor, and Viewer, each with different permissions regarding the creation, editing, and viewing of flows.
- Cross-Account Flow Sharing:
  - Objective: Enable users to share workflows across different accounts, enhancing collaborative efforts.
  - Implementation:
    - Create a sharing interface where users can invite others to access workflows by email or user ID.
    - Implement sharing permissions that allow users to set read-only or edit rights for each shared user.
- Asynchronous Updates and Notifications:
  - Objective: Allow users to receive updates on shared flows asynchronously, ensuring all collaborators are kept up-to-date.
  - Implementation:
    - Utilize WebSockets for real-time data transfer to enable live updates without requiring page refreshes.
    - Integrate a notification system that alerts users to changes or comments in shared flows.
- Flow Version Management:
  - Objective: Implement a version control system for flows to track changes over time and enable rollback to previous versions if needed.
  - Implementation:
    - Develop a version history feature that records each change made to a flow, along with the user who made the change and the time.
    - Provide an interface to view version history and revert to previous versions when necessary.

Technical Considerations:
Ensure that all new features adhere to best practices in security and data privacy. Consider the scalability of the solution to accommodate a growing number of users and workflows.
Impact:
These enhancements will streamline collaborative efforts, improve security, and make LangFlow a more robust tool for both individual users and teams. They will also address current limitations noted by users, fostering a more efficient and user-friendly environment.
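How the proposed Admin/Editor/Viewer roles and the per-user read-only/edit shares could combine into a single deny-by-default decision, as an added example that is not Langflow's code. The `Access` levels, the `MANAGE` level, the role ceilings and the owner rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class Access(IntEnum):
    NONE = 0
    READ = 1
    EDIT = 2
    MANAGE = 3  # assumed level: share, delete, revert to an earlier version


# Assumed mapping: the most a non-admin role may ever do on a flow.
ROLE_CEILING = {"viewer": Access.READ, "editor": Access.EDIT}


@dataclass(frozen=True)
class User:
    user_id: str
    role: str  # "admin", "editor" or "viewer"


@dataclass
class Flow:
    owner_id: str
    shares: dict = field(default_factory=dict)  # user_id -> Access.READ or Access.EDIT


def effective_access(user: User, flow: Flow) -> Access:
    """Deny by default; a share never lifts a user above the role ceiling."""
    if user.role == "admin":
        return Access.MANAGE
    ceiling = ROLE_CEILING.get(user.role, Access.NONE)  # unknown role: nothing
    if flow.owner_id == user.user_id:
        # Owners manage their own flows, unless their role is view-only.
        return Access.MANAGE if ceiling >= Access.EDIT else ceiling
    return min(flow.shares.get(user.user_id, Access.NONE), ceiling)


def can(user: User, flow: Flow, needed: Access) -> bool:
    return effective_access(user, flow) >= needed


if __name__ == "__main__":
    # Constructed sample data.
    flow = Flow(owner_id="alice", shares={"bob": Access.EDIT, "carol": Access.READ})
    for u in (User("alice", "editor"), User("bob", "viewer"), User("carol", "editor"),
              User("dave", "editor"), User("root", "admin")):
        print(u.user_id, u.role, effective_access(u, flow).name)
```

The case worth noticing is `bob`: an edit share granted to a Viewer account still resolves to read access, so a generous share cannot widen what the account's role allows.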
Hey @jaschahuisman
These are awesome and some of them are in our (internal) roadmap.
We plan on using Casbin for the RBAC/ABAC.
Do you have the expertise for any of these? We can collaborate on them if you like.
No experience in Casbin here. Where can I find the roadmap? (curious 👀) @ogabrielluiz
+1 on this.
"Utilize WebSockets for real-time data transfer to enable live updates without requiring page refreshes."
Would love this!
Was this part of the 1.0.0 release?
How is the progress? I want to contribute to this feature.
I was reading about how other frameworks deal with federated authentication. Here is an example of how Open Web UI integrates it: https://docs.openwebui.com/tutorial/sso/. I know that Langflow will leverage the Casbin library to enable SSO, but if it is too complex, can we implement something similar to what Open Web UI did?
I started replicating it: I added two paths in the create_app function in langflow/src/backend/base/langflow/main.py:
```python
################################
### Integrate Google OAuth 2.0
################################
# Snippet placed inside create_app(): `app` and get_settings_service()
# come from the surrounding main.py.
import os
import json

from authlib.integrations.starlette_client import OAuth
from fastapi import HTTPException, Request
from starlette.config import Config
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import RedirectResponse

#######################
## Load OAuth variables
#######################
# OAUTH_CFG holds the Google client credentials as JSON (the "web" object).
oauth_config_json = json.loads(os.environ["OAUTH_CFG"])
GOOGLE_CLIENT_ID = oauth_config_json['web']['client_id']
GOOGLE_CLIENT_SECRET = oauth_config_json['web']['client_secret']
# Unused below: the session middleware is keyed from the settings service.
# A literal fallback like this must not be used to sign sessions.
SECRET_KEY = os.environ.get("SECRET_KEY") or "a_very_secret_key"

###################
## OAuth setup
###################
config_data = {'GOOGLE_CLIENT_ID': GOOGLE_CLIENT_ID, 'GOOGLE_CLIENT_SECRET': GOOGLE_CLIENT_SECRET}
starlette_config = Config(environ=config_data)
oauth = OAuth(starlette_config)
oauth.register(
    name='google',
    server_metadata_url='https://accounts.google.com/.well-known/openid-configuration',
    client_kwargs={'scope': 'openid email https://www.googleapis.com/auth/bigquery'},
)

# Signed session cookie; Authlib keeps the OAuth state here between the two requests.
app.add_middleware(
    SessionMiddleware,
    secret_key=get_settings_service().auth_settings.SECRET_KEY.get_secret_value()
)


@app.get("/logingoogle")
async def google_login(request: Request):
    # Send the browser to Google, with /logincallback as the return address.
    redirect_uri = request.url_for("login_to_get_access_token")
    print("Redirecting to", redirect_uri)
    return await oauth.google.authorize_redirect(request, redirect_uri)


@app.get("/logincallback")
async def login_to_get_access_token(
    request: Request,
):
    try:
        # 1. get token from google server
        access_token = await oauth.google.authorize_access_token(request)
        # ****rest of code here****
    except Exception as exc:
        if isinstance(exc, HTTPException):
            raise exc
        raise HTTPException(
            status_code=500,
            detail=str(exc),
        ) from exc
    return RedirectResponse(url='/')
```
My challenge is how to modify the TypeScript logic to redirect to /googlelogin rather than the default /login. TypeScript is not my strength.
Any help is much appreciated!!
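One check a callback like the one posted above needs before it creates a session, shown as an added example that is not part of the original comment or of Langflow: Google will authenticate any Google account, so the application has to decide which identities it accepts. `principal_from_token`, `LoginRejected` and the domain allow-list are hypothetical names and policy; the `userinfo` key is where Authlib places the validated ID-token claims when the `openid` scope is requested.

```python
class LoginRejected(Exception):
    """The identity provider's claims do not meet local policy."""


def principal_from_token(token: dict, allowed_domains: frozenset) -> dict:
    """Return {'sub', 'email'} for an acceptable login, else raise LoginRejected.

    `token` is the dict returned by authorize_access_token().
    """
    claims = token.get("userinfo")
    if not isinstance(claims, dict):
        raise LoginRejected("no ID-token claims in token response")
    sub = claims.get("sub")
    email = claims.get("email")
    if not sub or not isinstance(email, str) or email.count("@") != 1:
        raise LoginRejected("missing sub or email claim")
    # Strict boolean check: an absent or non-boolean value is treated as unverified.
    if claims.get("email_verified") is not True:
        raise LoginRejected("email not verified by the provider")
    domain = email.rsplit("@", 1)[1].lower()
    if domain not in allowed_domains:
        raise LoginRejected(f"domain {domain!r} not allowed")
    # Key local accounts on `sub`: it is stable, while an address can be reassigned.
    return {"sub": sub, "email": email.lower()}


if __name__ == "__main__":
    # Constructed sample token responses; the domain allow-list is an assumed policy.
    allowed = frozenset({"example.com"})
    samples = [
        {"userinfo": {"sub": "1001", "email": "Dev@Example.com", "email_verified": True}},
        {"userinfo": {"sub": "1002", "email": "dev@example.com", "email_verified": False}},
        {"userinfo": {"sub": "1003", "email": "dev@other.test", "email_verified": True}},
        {"access_token": "constructed-placeholder"},
    ]
    for tok in samples:
        try:
            print("accepted:", principal_from_token(tok, allowed))
        except LoginRejected as err:
            print("rejected:", err)
```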
Hi @ogabrielluiz, is Casbin still in the roadmap?