Skip to content

Secure Auth Storage Service Requirement

This is the first step in this phase 5 introduction of authorization in to the agent platform. We will introduce an abstraction for the "Secure Auth Storage Service" that enable the agent platform to store and retrieve tool authorization information.

For an overview of the scope of phase 5, see @planning/2507-state-hitl-auth/05-01-auth-infra-overview.md.

Requirements

  • Introduce a new abstract class SecureAuthStorageManager that defines the interface for storing and retrieving tool authorization information for a given user and tool. We are targeting only OAuth 2.0, presently, but when designing the interface, it should be flexible enough to accommodate other authorization mechanisms in the future.
  • For OAuth 2.0 implementation type, tokens should be reusable for any tool that leverages the same authorization server and scopes.
  • Implement a concrete class InMemorySecureAuthStorageManager that implements the SecureAuthStorageManager interface and stores the authorization information in memory.
  • Introduce a factor class that will return an appropriate singleton instance of the configured SecureAuthStorageManager implementation as defined in the environment variables:
    • TA_SECURE_AUTH_STORAGE_MANAGER_MODULE - The module path to the SecureAuthStorageManager implementation.
    • TA_SECURE_AUTH_STORAGE_MANAGER_CLASS - The class name of the SecureAuthStorageManager implementation.