JWT token configuration for PraisonAI Platform authentication
Platform authentication requires proper JWT secret configuration for security in production environments.Platform authentication requires proper JWT secret configuration for security in production environments.
import osfrom praisonaiagents import Agentagent = Agent(name="platform-admin", instructions="Configure JWT secrets for the platform.")os.environ.setdefault("PLATFORM_JWT_SECRET", "change-me-in-production")agent.start("Verify JWT settings before go-live.")
The user sets JWT secrets and token lifetimes so issued tokens validate correctly in every environment.
# Generate a secure secretpython -c "import secrets; print(secrets.token_urlsafe(64))"# Example output: kV8fTqZ2Jm5nR9sQ3xW8vY1bN7pL4dF6hG0jK9sA2cE5mZ8xW...# Set the environment variableexport PLATFORM_JWT_SECRET="your-generated-secret-here"
2
Start Platform Service
# With custom secret (production)export PLATFORM_JWT_SECRET="kV8fTqZ2Jm5nR9sQ3xW8vY1bN7pL4dF6..."praisonai-platform start# Or for development (allows default secret)export PLATFORM_ENV=devpraisonai-platform start
Breaking Change: The platform now refuses to issue JWTs when running with the default secret outside PLATFORM_ENV=dev.
# ✅ Valid configurationsexport PLATFORM_JWT_SECRET="your-secure-secret" # Production with custom secretexport PLATFORM_ENV=dev # Development (default secret OK)# ❌ Invalid configuration (will fail)# No PLATFORM_JWT_SECRET set and PLATFORM_ENV != "dev"
FROM python:3.11-slim# Set JWT secret via environmentENV PLATFORM_JWT_SECRET="your-secure-secret-from-secrets-manager"# Install and run platformRUN pip install praisonai-platformCMD ["praisonai-platform", "start"]
# Use a secrets managerexport PLATFORM_JWT_SECRET="$(aws secretsmanager get-secret-value --secret-id prod/jwt-secret --query SecretString --output text)"# Or read from fileexport PLATFORM_JWT_SECRET="$(cat /var/secrets/jwt-secret)"# Verify it's setecho ${PLATFORM_JWT_SECRET:0:10}... # Show first 10 characters only
If you’re upgrading from a version without JWT secret validation, set PLATFORM_JWT_SECRET before restarting, or you’ll get a RuntimeError when users try to log in.
# Add to your environment/configexport PLATFORM_JWT_SECRET="your-generated-secret"# Or for temporary local developmentexport PLATFORM_ENV=dev # NOT for production
3
Restart Platform
# Restart with new configurationpraisonai-platform restart
# Allow default secret (insecure, development only)export PLATFORM_ENV=devpraisonai-platform start# Default secret warning will be logged but service continues