Learn how to configure and use the authentication provider in R2R
R2R’s CryptoProvider and AuthProvider combine to handle user authentication and cryptographic operations in your applications. This guide offers an in-depth look at the system’s architecture, configuration options, and best practices for implementation.
For a practical, step-by-step guide on implementing authentication in R2R, including code examples and common use cases, see our User Auth Cookbook.
When authentication is not required (require_authentication is set to false, which is the default in r2r.toml), unauthenticated requests will default to using the credentials of the default admin user.
This behavior ensures that operations can proceed smoothly in development or testing environments where authentication may not be enforced, but it should be used with caution in production settings.
R2R’s Crypto & Auth system is built on two primary components:
These providers work in tandem to ensure secure user management and data protection.
The default R2RAuthProvider offers a complete authentication solution.
Key features:
The default BCryptProvider handles cryptographic operations.
Key features:
R2R uses a secret key for JWT signing. Generate a secure key using:
Set the key as an environment variable:
Never commit your secret key to version control. Use environment variables or secure key management solutions in production.
The AuthProvider is responsible for providing functionality to support these core endpoints in R2R:
- register: User registration
- login: User authentication
- refresh_access_token: Token refresh
- logout: Session termination
- user: Retrieve user data
- change_password: Update user password
- request_password_reset: Initiate password reset
- confirm_password_reset: Complete password reset
- verify_email: Email verification
- get_user_profile: Fetch user profile
- update_user: Modify user profile
- delete_user_account: Account deletion

- Set require_authentication to true in production.
- Enable require_email_verification for enhanced security.

To implement custom authentication flows in R2R, you can extend the AuthProvider abstract base class. This allows you to create tailored authentication methods while maintaining compatibility with the R2R ecosystem.
Here’s an example of how to create a custom authentication provider:
To integrate external identity providers (e.g., OAuth, SAML) with R2R, you can create a custom AuthProvider that interfaces with these external services. Here’s an outline of how you might approach this:
AuthProvider:
Remember to handle error cases, token storage, and user session management according to your application’s needs and the specifics of the external identity provider you’re integrating with.
This approach allows you to leverage R2R’s authentication abstractions while integrating with external identity providers, giving you flexibility in how you manage user authentication in your application.
To integrate with external identity providers (e.g., OAuth, SAML):
AuthProvider.
For high-traffic applications:
Common issues and solutions:
salt_rounds.
R2R’s Crypto & Auth system provides a solid foundation for building secure, scalable applications. By understanding its components, following best practices, and leveraging its flexibility, you can create robust authentication systems tailored to your specific needs.
For further customization and advanced use cases, refer to the R2R API Documentation and configuration guide.