Authentication Overview

📋 Planned

Documentation Under Construction

This page will explain Vanna's authentication model: you bring your own auth, and Vanna enforces permissions based on the user context you provide.

Planned Content

  • ✓ Key concept: Vanna doesn't do authentication, you do
  • ✓ How UserResolver pattern works
  • ✓ User model: id, username, email, group_memberships, metadata
  • ✓ RequestContext: cookies, headers, remote_addr
  • ✓ Group-based access control overview
  • ✓ When to implement authentication (production deployments)
  • ✓ Links to concrete auth pattern examples

Want to contribute or suggest improvements? Open an issue on GitHub

Core Principle

Vanna doesn’t replace your authentication system; it integrates with it.

You implement a UserResolver that:

  1. Extracts user identity from requests (cookies, JWTs, session tokens)
  2. Returns a User object with id, groups, and metadata
  3. Vanna uses this to enforce tool permissions and row-level security
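
The three steps above, as an added sketch that is not Vanna's own code: `User` and `RequestContext` are stand-ins built from the field names listed on this page, and the `resolve_user` method name, the `session` cookie name and the HMAC-signed cookie format are assumptions, since the real interface is not shown here. It fails closed on a missing, tampered or expired cookie, so group memberships only ever come from verified claims.

```python
import base64, hashlib, hmac, json, time
from dataclasses import dataclass, field
from typing import Optional

# Stand-in types using the field names from this page; not imported from Vanna.
@dataclass
class RequestContext:
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    remote_addr: str = ""

@dataclass
class User:
    id: str
    username: str
    email: str
    group_memberships: list
    metadata: dict = field(default_factory=dict)

SECRET = b"constructed-demo-key"  # constructed value; load from a secret store

def sign_session(claims: dict) -> str:
    """What a login flow would issue: base64url(JSON) + '.' + HMAC-SHA256 hex."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    mac = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"

class CookieUserResolver:
    """Hypothetical resolver: verify the cookie first, then build the User."""
    def resolve_user(self, ctx: RequestContext) -> Optional[User]:
        body, _, mac = ctx.cookies.get("session", "").partition(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        # Compare as bytes in constant time; str input with non-ASCII would raise.
        if not body or not hmac.compare_digest(mac.encode(), expected.encode()):
            return None  # missing or tampered cookie: fail closed
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims.get("exp", 0) < time.time():
            return None  # expired session
        # Groups come only from verified claims, never from client-set headers.
        return User(id=claims["sub"], username=claims["username"],
                    email=claims["email"],
                    group_memberships=list(claims.get("groups", [])),
                    metadata={"remote_addr": ctx.remote_addr})
```
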

Coming Soon

This page will show:

  • The UserResolver interface
  • A minimal example
  • Links to 4 concrete patterns: Cookie-based, JWT, NextAuth.js, OAuth/SSO