Skip to main content
Platform authentication requires proper JWT secret configuration for security in production environments. Platform authentication requires proper JWT secret configuration for security in production environments.
The user sets JWT secrets and token lifetimes so issued tokens validate correctly in every environment.

Quick Start

1

Set JWT Secret for Production

2

Start Platform Service


Configuration

Required Environment Variables

JWT Secret Security

Breaking Change: The platform now refuses to issue JWTs when running with the default secret outside PLATFORM_ENV=dev.

How It Works

The AuthService._issue_token method enforces JWT secret validation:

Token Issuance Flow


Production Deployment

Docker Configuration

Kubernetes Secret

Environment Variable Best Practices


Migration

Upgrading from Previous Versions

If you’re upgrading from a version without JWT secret validation, set PLATFORM_JWT_SECRET before restarting, or you’ll get a RuntimeError when users try to log in.
1

Generate Secret

2

Update Configuration

3

Restart Platform

Error Handling

When login() is called with misconfigured production deployment:
This error occurs during token issuance, not service startup, so the platform will start successfully but fail when users attempt to authenticate.

Development vs Production

Development Mode

Production Mode


Best Practices

Generate secrets with at least 256 bits of entropy using secrets.token_urlsafe(64) or equivalent. Never use predictable values.
Implement secret rotation every 90 days. When rotating, issue new tokens gradually to avoid service disruption.
Use dedicated secret management systems (AWS Secrets Manager, HashiCorp Vault, etc.) rather than plain environment variables.
Log and alert on RuntimeError exceptions during login to detect misconfigured deployments quickly.

RBAC Enforcement

Workspace membership and role-based access control

Platform SDK

Python SDK for platform integration