Tag Archives: Ai

Control Access to a FastAPI App

Leave a reply

Controlling access to a FastAPI app typically involves implementing authentication and authorization mechanisms. Here are some **decent approaches** to achieve this:

## 1. Authentication

– **OAuth2 with Password (and Bearer)**

    – Use FastAPI’s built-in support for OAuth2 for handling user login and issuing JWT tokens.

    – Users authenticate by providing a username and password, and receive a token which they then include in the Authorization header for subsequent API requests.

– **API Key**

    – Require clients to include a secret API key (in headers or query parameters) with each request.

    – Simple but less user-friendly and secure than OAuth2/JWT.

– **Session Authentication**

    – Use cookie-based sessions for traditional web apps.

## 2. Authorization

– **Role-Based Access Control (RBAC)**

    – Assign users roles (like admin, user, guest) and restrict certain endpoints or actions based on the user’s role.

– **Resource-Based Permissions**

    – Check user-specific access for resources (e.g., users can only access their own data).

## 3. Implementation in FastAPI

Example of using OAuth2/JWT bearer authentication:

“`python

from fastapi import FastAPI, Depends, HTTPException, status

from fastapi.security import OAuth2PasswordBearer

from jose import JWTError, jwt

app = FastAPI()

oauth2_scheme = OAuth2PasswordBearer(tokenUrl=”token”)

def verify_token(token: str = Depends(oauth2_scheme)):

    # Add your logic to verify JWT token here

    try:

        payload = jwt.decode(token, “your_secret_key”, algorithms=[“HS256”])

        return payload

    except JWTError:

        raise HTTPException(status_code=401, detail=”Invalid token”)

@app.get(“/protected-route”)

def protected_route(user=Depends(verify_token)):

    return {“message”: “You have access!”}

“`

## 4. Third-Party Libraries

– **fastapi-users**

Provides pluggable user authentication, registration, password management, and more.

– **Authlib**

Flexible library for implementing OAuth and JWT.

## 5. Additional Tips

– Always use HTTPS in production to protect credentials in transit.

– Regularly update dependencies to keep security patches up to date.

– Use environment variables to store secrets (never commit secrets in code).

This approach ensures robust access control suitable for both web and API-based FastAPI apps.

Agentic AI

Leave a reply

Agentic AI often involves multiple LLM calls, but the defining characteristic isn’t really the number of calls or their automation – it’s about agency and goal-directed behavior. An agentic AI system can pursue objectives, make decisions, and take actions to achieve those goals, rather than just responding to single prompts.

Here are the core elements that make AI “agentic”:

Autonomy: The system can operate independently, making its own decisions about what actions to take next based on its current situation and goals.

Goal-oriented behavior: It works toward specific objectives, potentially breaking down complex tasks into smaller steps.

Environmental interaction: It can perceive its environment (whether that’s web searches, file systems, APIs, etc.) and take actions that change that environment.

Planning and reasoning: It can think through sequences of actions and adapt its approach based on feedback.

The multiple LLM calls are often a technique used in agentic systems – where the AI might call itself recursively to plan, execute, reflect, and re-plan. But you could also have agentic behavior in a single conversation where an AI is making strategic decisions about how to approach a complex problem.

Think of it like the difference between a calculator (reactive – you input, it outputs) versus a research assistant (agentic – given a goal, it figures out what information to gather, where to look, how to synthesize findings, etc.).

<generated by claude.ai>

– manzoor

Large Language Models

Leave a reply

ChatGPT became publicly available in late 2022 and ever since there seems to have been a race in this AI domain. I have not really been really into the whole thing but am getting really interested.

A very high level timeline (will need to update / correct at some point)

2017 – some scientists at Google publish a paper, “Attention is all you need” proposing a new model called Transformer

2018 – GPT-1 with 117M Parameters

2019 – GPT-2 with 1.5B

2020 – GPT-3 175B

2022 – we have RLHF, Reinforcement Learning from Human Feedback, and ChatGPT

2023 – GPT-4 1T

2024 – GPT-4o

– manzoor